End User Authentication

justin...@nike.com

Nov 13, 2015, 2:22:17 PM
to confidant-users
I have been doing research into using Confidant as a Secret Management solution. I was very intrigued because of its tight integration with AWS; my team is a fan of offloading as much of the infrastructure overhead to AWS as possible.

I was a little surprised to learn that the only auth model supported is Google Auth, and from briefly reading Satellizer, I gathered that it only supports OAuth providers. I wonder if supporting more than just OAuth and allowing the integration of other enterprise solutions such as LDAP or SAML providers would lead to greater adoption.

Just to confirm, there is no current way to integrate Confidant with anything other than Google Auth, correct?

justin...@nike.com

Nov 13, 2015, 2:26:05 PM
to confidant-users
I left out some context, sorry.

When I mentioned Satellizer I was referring to an idea proposed in the following issue: https://github.com/lyft/confidant/issues/9 of making the Auth more modular.

Cheers,

Justin

Ryan Lane

Nov 16, 2015, 1:16:20 PM
to justin...@nike.com, confidant-users
Hey Justin,

We'd definitely like to have SAML as an auth method. I'd really like to avoid username/password auth if possible (like LDAP), but I'm not opposed to it. The only reason we only support oauth2 is because that's what we're currently using.

satellizer will make the oauth2 providers easier and will make it easier for us to have a proper signin flow. I think the login page we'd be generating wouldn't require it, so saml as another option on that page would work.

Looks like the easiest library to go with for this is python-saml. Seems OneLogin maintains it, but it says it works with any IdP. I'll update issue 9 with this info.

Thanks for the email!

- Ryan

--
You received this message because you are subscribed to the Google Groups "confidant-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to confidant-use...@googlegroups.com.
To post to this group, send email to confida...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/confidant-users/1c1ef6e6-a7da-44ed-87cf-d51cd2be1445%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ryan Lane

May 12, 2016, 3:17:58 PM
to confidant-users, justin...@nike.com
Hey Justin,

Just to follow up on this, Andy Brody added SAML support to the v1.1 branch of Confidant. He also refactored the authentication code so that it's possible to add support for other types of auth. It's not yet documented, but we'll have docs before a proper release of 1.1.

- Ryan
