How to configure LDAP for wicked portal #211
Currently, there is no LDAP support out of the box, but it's possible to implement with one small additional service deployed alongside wicked, and by leveraging the https://github.com/Haufe-Lexware/wicked.haufe.io/blob/master/doc/auth-external.md. In short, the service (which should be deployed in a way such that only wicked.auth can access it) will receive a username and password, which then must be validated against a user store; this can be an LDAP store, where you first look up the user by username (to get the DN), and then bind against the LDAP server again with that DN and the given password. In case this was successful, return the OIDC profile and wicked will continue from there. This means that wicked will federate LDAP (or any username/password store) into any OAuth2 flow (implicit, authorization code, resource owner password grant). LDAP will eventually be implemented directly in wicked as well, but it's not top priority just yet. Does this help?
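The search-then-bind check described in the comment above, as an added example that is not part of the original thread or of wicked's code. The `directory` interface, the in-memory fake server, the sample users, the `uid` attribute and the claim mapping are all assumptions made for illustration.

```javascript
// Added example. `directory` is a hypothetical client interface:
//   search(filter) -> Promise<entries>, bind(dn, password) -> Promise<boolean>
// Constructed sample users; the uid/cn/mail attribute names are assumptions.
const SAMPLE_USERS = [
  { uid: 'jdoe', dn: 'uid=jdoe,ou=people,dc=example,dc=org', cn: 'Jane Doe',
    mail: 'jdoe@example.org', password: 'correct horse' },
  { uid: 'asmith', dn: 'uid=asmith,ou=people,dc=example,dc=org', cn: 'Al Smith',
    mail: 'asmith@example.org', password: 'battery staple' },
];

// RFC 4515 escaping, so user input cannot change the structure of the filter.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// In-memory stand-in for an LDAP server, so the example runs offline.
function makeFakeDirectory(users) {
  return {
    async search(filter) {
      const m = /^\(uid=(.*)\)$/.exec(filter);
      if (!m) return [];
      if (m[1] === '*') return users; // an unescaped wildcard matches everyone
      const uid = m[1].replace(/\\([0-9a-f]{2})/g,
        (_, hex) => String.fromCharCode(parseInt(hex, 16)));
      return users.filter((u) => u.uid === uid);
    },
    async bind(dn, password) {
      // Mimics servers that accept a DN with an empty password (unauthenticated bind).
      const user = users.find((u) => u.dn === dn);
      return Boolean(user) && (password === '' || password === user.password);
    },
  };
}

async function authenticate(directory, username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') return null;
  // Reject empty credentials before contacting LDAP: an empty password would
  // turn the bind into an unauthenticated bind (RFC 4513) that can succeed.
  if (username === '' || password === '') return null;
  // Step 1: look up the user by username to get the DN.
  const entries = await directory.search(`(uid=${escapeFilterValue(username)})`);
  if (entries.length !== 1) return null; // unknown or ambiguous user
  // Step 2: bind again with that DN and the supplied password.
  if (!(await directory.bind(entries[0].dn, password))) return null;
  // Step 3: return an OIDC-style profile (claim mapping assumed).
  return { sub: entries[0].dn, name: entries[0].cn, email: entries[0].mail };
}
```

`authenticate` resolves to `null` on any failure, so the caller gives the same answer for an unknown user and a wrong password.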
Implementing LDAP as an auth method looks pretty reasonable to do though...
Thanks for the response, it's helpful. Thanks,
I take this back; LDAP support is coming in the next version (1.0.0-rc.8). See #126. I would be thankful if you could take this for a test drive as soon as it's implemented and checked in to
@karthiknaga87 @kbhuvanamohan Have you had time to check out my proposed changes? I would still go and merge this and release it into rc.8 today.
@DonMartin76 will be happy to take this up for a quick test. Kindly let us know once it's available in next. Thanks,
It's available in next, and was even released to 1.0.0-rc.8.
@DonMartin76, We had a check on this and were successfully able to configure and use the service over LDAP setup in our local. LDAP configuration worked as expected. Thanks for the update, and let me know if more details are required. Thanks
@DonMartin76 on top of the above, we are now exploring the SAML option and looking for the instructions to implement the same. It could be helpful if you can guide us on SAML implementation.
@DonMartin76 In case you have any template to capture the test results, I would be happy to fill the same for you.
For SAML configuration, see here: https://github.com/Haufe-Lexware/wicked.haufe.io/blob/master/doc/auth-saml.md I am closing this for now, is that okay? Thanks for giving the LDAP integration a try.
@DonMartin76 Thanks for that, yes we are good to get this closed but just have a few more questions on SAML, could be helpful if you can provide your inputs here-
which ones should we use for each
Thanks,
The SP for your SAML team is wicked's Auth Server, which exposes its metadata at
This metadata XML should contain everything they need, including all the URLs they need. SAML2 is supported. If you have further questions on SAML, please rather file a new help issue.
@miguelpoyatosmora
Hi Team,
We are trying to implement the LDAP setup for our Wicked portal to make the wicked portal login based on the common LDAP setup that we have. Kindly help by providing us the instructions to implement the same.
Let us know if more details are required.
Thanks,
Karthik N