[feature]: SSO/SAML and LDAP auth #1296
Comments
Hey there, just added a PR for SSO with OIDC which resolves Issue #413. I think I can look into SAML and/or LDAP soon.
@torbenraab Thanks, I will look into that PR to see if it helps me understand how to go about the integration. Ideally, I want to add tequila auth to Plane for my $DAYJOB usage, which has a Django auth module present at https://github.com/epfl-si/django-tequila. I have been trying to add this to the Django app, but can't get it to work as I desired (I wanted the login page to automatically redirect to tequila for auth and use the redirect to get the user info and login). I have started some work at #1337, and would love if someone can guide me through integrating and enabling the tequila auth properly. I think I will need to add the configs to
@rush-skills Does Tequila support OIDC? Then maybe the best option is to go with my PR. I just implemented the option to do the login automatically via OIDC if the variable is set to.
Hey @torbenraab
Hi all. web/.env space/.env Authorization on the keycloak server passes and redirects to the PLANE page, where it says that authorization failed.
@Alexander-creator333 Hey, just reworked my OpenID Connect PR and the new one can be found as #3341. Please try it with the new code.
When can we expect this to be ready? :)
+1
Would like to add LDAP support to this. Might be an easy one to dash out as bookstack has native LDAP integration in place using docker.
From my side SAML is preferred
+1
@theparthacus Thanks for showing upstream activity on this issue. If I may ask, as many like me will be curious, is there a rationale behind closing here? Could maybe also be good to introduce a label not planned, which helps people navigate the issues.
I learned that if you pay for their software you get this feature. I can't see why they would ever implement this on their upstream build as this is a big reason why companies and small teams would pull the trigger on their "Pro" build.
If that's the case that's a total shame. That would be considered an SSO tax and most companies would not go for this as this is the basic question we ask whenever we try to justify integrating software. Does it have SSO? If so, does it cost? How much does it cost? We typically don't go for SSO taxed software because that's just a detriment to security at the base of any company's security posture.
I was looking at maybe going to OpenProject, but even with a name like that they sadly suffer from the same issue. I think it also is weird that they don't let homelabbers use these things for free, as SSO is the future.
Yes, that is kind of sad that they can't for home lab use. I actually used to buy Atlassian products for $10 a year self-hosted and they would donate that money to a cause or something. I've already shot them a message about this because I would totally be open to something like this if I had to pay for it. At this point, no way am I forking $790 for lifetime or $7 a user per month for software I use for fun at home.
Putting SSO, a severe security feature, behind a paywall gives you a very bad name in the self-hosted community. The community would happily contribute to this feature for free and maintain it, which is a win-win situation for everyone.
Is there an existing issue for this?
Summary
According to https://plane.so/pricing and #1211
SSO/SAML will be present in the open-source self-hosted version of plane.
Do we have any timeline on when that might be ready?
Also, does Plane support LDAP auth? Can it be easily added - is the auth engine flexible or easy to work around with?
Why should this be worked on?
Adding SSO login support enables much easier integration with existing IAM solutions present inside firms and thus adding this crucial feature will make it ready to be used by our team in my $DAYJOB.