SSO USer Federation in nethserver (gluu,keycloack,privacyID3A)

oneitonitram · March 14, 2020, 5:31am

This conversation begins with a simple nice article here:

identity federation
we all have many systems that we log into, as well as we manage multiple users in our organizations who log in to various tools and systems.

for internal use cases, LDAP and AD, work great, but for external products, it does not. because of security concerns etc.

The goal of this spree, is to get a great implementation that will help us use Nethserver
as a user management system, that connects to a user federation, then we can make use of SSO and SAML, as well as other technologies to authenticate with other servers.

oneitonitram · March 14, 2020, 5:36am

As was pointed out in this thread here by @Karim_Paul
getting keycloack to do a two-way user sync is currently not possible. we will keep testing to see if it can be possible.
I stumbled upon gluu as a potential system that can be used for this case.

https://www.gluu.org

Anyone who has used it can contribute on our endeavour.
ill be attemtping to get it to work.
@mrmarkuz care to join

oneitonitram · March 15, 2020, 5:40pm

i have installed gluu on my server, but it seems like there has to be some virtualhosts setup.

during installation, the software prompted to install apache. i rejected, as nethserver already has Nethserver installed.

Now that the installation has been completed, its hard to figure out, how exactly to edit those records.

mrmarkuz · March 15, 2020, 5:41pm

I’ll post installation asap, you need to configure local apache to reverse proxy to the gluu spawn container.

oneitonitram · March 15, 2020, 5:53pm

the setup script in detail is found here:

github.com

GluuFederation/community-edition-setup/blob/master/setup.py


#!/usr/bin/python3

# The MIT License (MIT)
#
# Copyright (c) 2014 Gluu
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

This file has been truncated. show original

changing gluu hostname:
https://github.com/GluuFederation/community-edition-setup/tree/master/static/scripts/change_hostname

oneitonitram · May 11, 2020, 3:26pm

@mrmarkuz i am curious, you were testing one of the solutions.

Which ones so far have you managed to look into?

oneitonitram · January 9, 2024, 4:08am

this seems to be a solution solved by SCIM, just an update.