Jump to content

Centralized Authentication Functionality (LDAP/SSO/HTML Header/RADIUS) [DEVELOPMENT STARTED]


Untoten

Recommended Posts

Untoten

I even offered the Emby team $1000 to implement this. 

Edited by Untoten
Link to comment
Share on other sites

  • 2 weeks later...
  • 3 weeks later...
Untoten

BUMP - This request is now 648 days old, no progress has been made.

~100 users want this, at the least.

Edited by Untoten
Link to comment
Share on other sites

Untoten

It is something we would love to do, but first we need to get our offline sync and live tv features a little more mature. it is in our crosshairs though.

 

So it seems offline sync has been fixed and Live TV has made quite some progress, is there still more you wish to do with those @@Luke? I think this feature has come up to queue. There are a few users that spoke up saying no LDAP stopped them from using this product and probably more that haven't spoken up. the user 'cervy1536' even made an account only to post this concern, it was that compelling to him.  It is the only post he has made in fact.

Edited by Untoten
Link to comment
Share on other sites

pir8radio

Bump

 

EDIT: Over 4000 views on this request now <3

 

 

BUMP - This request is now 648 days old, no progress has been made.

 

~100 users want this, at the least.

 

    Lets say (hypothetically of course) emby has 90,000+ users 100 is 0.112% of that user base...   I personally want to see TV get fixed up.  All of my Comcast/Xfinity channels, I subscribe to, work in emby and I would love to switch over to emby for that 100%.  

 

What if you could use LDAP or SSO with your current IIS reverse proxy, but had to still enter the users in emby to set access and privs, but from then on out a SSO to get that user into the server, future password changes would occur in LDAP or windows?    As a workaround until the emby team can get to native ldap support.

Edited by pir8radio
Link to comment
Share on other sites

Untoten

    Lets say (hypothetically of course) emby has 90,000+ users 100 is 0.112% of that user base...   I personally want to see TV get fixed up.  All of my Comcast/Xfinity channels, I subscribe to, work in emby and I would love to switch over to emby for that 100%.  

 

What if you could use LDAP or SSO with your current IIS reverse proxy, but had to still enter the users in emby to set access and privs, but from then on out a SSO to get that user into the server?    As a workaround until the emby team can get to native ldap support.

1) How many users are actually on the forum? Total users with the software is not a good indicator.  

 

2) What else on Live TV?  it has quite extensive functionality/stability.

 

3) How would that work?  I was thinking a basic authentication type workflow with an emby service account, but that would destroy user watched/progress tracking.  In the end, it is best to have native support, and user authentication using a universal supported protocol is something that should be a high priority before adding addition features, as it is a core functionality.

 

EDIT: So for #1 actually did a query, I was quite generous with my filters.  I only filtered by members who have posted in the past 2 years (which does not mean they ever saw this FR to begin with).  The query resulted in 6300 users, which is probably more accurately around a few thousand who are relevant at most (how many actually look at FR's.  Even at the full 6300, of the 100 endorsements, that is still over 1%, but I guarantee a great number of those users are not admins, or even at a level to run LDAP.  The point again is not how many people, that frankly does not matter, the central auth functionality is very powerful and could get large clients, I have had a few companies interested but scoffed at the lack of this functionality. 

Edited by Untoten
Link to comment
Share on other sites

pir8radio

1) How many users are actually on the forum? Total users with the software is not a good indicator.  

 

2) What else on Live TV?  it has quite extensive functionality/stability.

 

3) How would that work?  I was thinking a basic authentication type workflow with an emby service account, but that would destroy user watched/progress tracking.  In the end, it is best to have native support, and user authentication using a universal supported protocol is something that should be a high priority before adding addition features, as it is a core functionality.

 

1) no clue, people not on the forum are probably happy with emby the way it is.....   I'm not on my LG refrigerator forum...  I like my fridge the way it is..

2) I personally find it still unstable, long time to tune, recordings sometimes have minor issues.   Its not as stable as my commercial DVR yet. just my opinion though.

3) No not a single user...   create different users with passwords that only IIS knows, and then control access with IIS.  Use the same form post login that you would normally use on the emby home page except iis is performing that task behind the scenes.. 

Edited by pir8radio
Link to comment
Share on other sites

Untoten

1) no clue, people not on the forum are probably happy with emby the way it is.....   I'm not on my LG refrigerator forum...  I like my fridge the way it is..

2) I personally find it still unstable, long time to tune, recordings sometimes have minor issues.   Its not as stable as my commercial DVR yet. just my opinion though.

3) No not a single user...   create different users with passwords that only IIS knows, and then control access with IIS.  Use the same form post login that you would normally use on the emby home page except iis is performing that task behind the scenes.. 

1) or like me, they just don't like signing up for more sites, it took me a while before I even made an account and I wanted LDAP for atleast 6 months before that.

 

2) Fair enough, but that is dependent on the method you use.  Personally I use HD Homerun and find it incredible, no plugins, just native support with hardware trans-coding on the tuner enabled.  It will be hard for them to support all methods, forever, that is more of a chase than anything, but once LDAP or a universal protocol is introduced, it is not going to change much.

 

3)  That destroys the ability to use it with the mobile apps.  

Link to comment
Share on other sites

pir8radio

3)  That destroys the ability to use it with the mobile apps.  

 

 

True, I'm just trying to help a brother out.  Think outside the box.   I don't know enough about the emby api to think much further outside of the box.   But emby connect is able to connect users to your server via a pin....   I would think an alternative emby connect SSO site could do something similar and not require rewriting a bunch of apps as well as the server. Something using Web SSO?

  • Like 1
Link to comment
Share on other sites

Untoten

True, I'm just trying to help a brother out.  Think outside the box.   I don't know enough about the emby api to think much further outside of the box.   But emby connect is able to connect users to your server via a pin....   I would think an alternative emby connect SSO site could do something similar and not require rewriting a bunch of apps as well as the server. Something using Web SSO?

I have trust me, I specialize in infra and I have privately contacted 3 devs I know, which say okay, let's try it out, they dig into the code and they're like my god, have the Emby team do this it's like 3x's the work to do a work around than to just have them add a connector.

  • Like 1
Link to comment
Share on other sites

Untoten

In reality, it should not be much work for them to just accept auth via http header, but I have not heard a reply on that.   But that could be an easy solution for now that would not take them much time to implement.

Link to comment
Share on other sites

pir8radio

In reality, it should not be much work for them to just accept auth via http header, but I have not heard a reply on that.   But that could be an easy solution for now that would not take them much time to implement.

 

Its not hard probably, for the web gui, but like you pointed out previously they have to make this work with all of the apps as well.  I would venture to guess if the emby team decided today "yes we are going to do this" with their other obligations, testing, app additions, as well as the server, and testing on all platforms/apps, you wouldn't see this for at least another year and a half anyway. 

 

The only quick option I see is if the emby team was able to modify their emby connect to work with sso.

Link to comment
Share on other sites

Total users with the software is not a good indicator.  

 

I'm just curious as to why you feel the total user base should be ignored?

 

(hint: we don't agree)

Link to comment
Share on other sites

Untoten

I'm just curious as to why you feel the total user base should be ignored?

 

(hint: we don't agree)

Because the users you are counting in that case are only administrators of the service, not total end users.  

 

 

As you said,

We do not track your user lists nor what you are watching.

 

We do, however, know how many devices are in use by our Premiere subscribers.

 
So you are not able to track how many users the admins are hosting for.  And many users asking for this feature are more than likely running a heavy service.  It would be safe to say each admin that supports this has 10+ users, or atleast more users than the users of other parts of this service.
Edited by Untoten
Link to comment
Share on other sites

Because the users you are counting in that case are only administrators of the service, not total end users.  

 

You are assuming all administrators are forum members (as that's the only thing you included in your count) and this is not the case.  We know how many servers are out there and it is significantly more than the number of active forum members.

 

The bottom line is - these types of features simply have to be lower priority than some others that serve a larger community.

 

Eventually, we hope to get absolutely everything done.

Link to comment
Share on other sites

Untoten

You are assuming all administrators are forum members (as that's the only thing you included in your count) and this is not the case.  We know how many servers are out there and it is significantly more than the number of active forum members.

 

The bottom line is - these types of features simply have to be lower priority than some others that serve a larger community.

 

Eventually, we hope to get absolutely everything done.

 

Well no, what I said was, 'Total users with the software is not a good indicator.  '  Not forum users, I said users with the software installed (server).  What I am saying, is even if you record that number, it does not indicate the number of end-users they have, which would enjoy this feature, even if they do not percieve its full impact.  

 

It's really almost impossible to track what priority this feature is, as the others you can monitor the users using things, such as live tv.  But it's not possible to track users who would prefer ldap, etc.  As they don't really have a way to indicate as such, or a feature they use that would indicate as such.

 

I offered $1000 for this feature, which should cover a week of dev or so, I am not just pushing for this, I offered to assist in payment for it.

Link to comment
Share on other sites

Dibbes

Eventually, we hope to get absolutely everything done.

 

That's absolutely never going to happen... *grin*

 

 

I offered $1000 for this feature, which should cover a week of dev or so, I am not just pushing for this, I offered to assist in payment for it.

 

@@ebr & @Luke: if money doesn't put it on top of the list, what would?

Link to comment
Share on other sites

Untoten

That's absolutely never going to happen... *grin*

 

 

 

@@ebr & @Luke: if money doesn't put it on top of the list, what would?

That is what I am curious about, That is why I offered payment and tried to develop this FR's main post as extensively as possible, I scour the internet weekly looking for any updates or user-created advancements.

Link to comment
Share on other sites

pir8radio

That's absolutely never going to happen... *grin*

 

 

 

@@ebr & @Luke: if money doesn't put it on top of the list, what would?

 

As I always say, I'm not a part of the emby team and what I say does not represent their opinions.     But being familiar with some commercial software development, I would venture to guess that emby's priority is keeping the majority of their current customers while bringing in new customers. 

 

What can emby do to achieve that goal?  

1. improve live TV it's what is most talked about, most complaints about on the forums, and what most people migrating from other media servers are looking for. Which will help bring in new users. 

2. continue to improve what is already in place (help keep majority of current customers, wont be able keep them all, its a balancing act).

3. add new features that the majority will accept, or that the majority wants. 

 

Money is a good thing, it can help with all of the above goals.   But lets do some math, Lets say that there ARE 90k+ emby users, and lets pick a low number, lets say 5,000 of them are premier members @100 bucks each that brings in $500,000.  I'm guessing with all of the monthly and yearly, as well as the actual number of premier subscribers,  the $1000 bounty is a drop in the bucket, that equals 10 new premier subscribers.   So my thinking is,  if I can add a feature that gains me 30 new premier users I gain 3k  OR I take the 1000 dollars spend my time to develop this new feature for this small group (I am one of that group by the way) and loose out on developing the new feature that will gain me 30+ premier users.  The smart business choice is to go with the new features, Yea i'm going to loose some of the group that wanted the new feature but not all 100 of them...  Probably only like 5 or so, because the software is good enough to keep them even without the added feature. 

 

Again, I DO NOT represent emby, just stating common sense stuff here.  I too would like ldap integration, but i'm fine without it I would rather see emby grow into the only media server. So I will wait for the new features to be added. 

Link to comment
Share on other sites

Untoten

As I always say, I'm not a part of the emby team and what I say does not represent their opinions.     But being familiar with some commercial software development, I would venture to guess that emby's priority is keeping the majority of their current customers while bringing in new customers. 

 

What can emby do to achieve that goal?  

1. improve live TV it's what is most talked about, most complaints about on the forums, and what most people migrating from other media servers are looking for. Which will help bring in new users. 

2. continue to improve what is already in place (help keep majority of current customers, wont be able keep them all, its a balancing act).

3. add new features that the majority will accept, or that the majority wants. 

 

Money is a good thing, it can help with all of the above goals.   But lets do some math, Lets say that there ARE 90k+ emby users, and lets pick a low number, lets say 5,000 of them are premier members @100 bucks each that brings in $500,000.  I'm guessing with all of the monthly and yearly, as well as the actual number of premier subscribers,  the $1000 bounty is a drop in the bucket, that equals 10 new premier subscribers.   So my thinking is,  if I can add a feature that gains me 30 new premier users I gain 3k  OR I take the 1000 dollars spend my time to develop this new feature for this small group (I am one of that group by the way) and loose out on developing the new feature that will gain me 30+ premier users.  The smart business choice is to go with the new features, Yea i'm going to loose some of the group that wanted the new feature but not all 100 of them...  Probably only like 5 or so, because the software is good enough to keep them even without the added feature. 

 

Again, I DO NOT represent emby, just stating common sense stuff here.  I too would like ldap integration, but i'm fine without it I would rather see emby grow into the only media server. So I will wait for the new features to be added. 

You keep making these unfounded number assumptions, your point is only valid if the numbers are even within the ballpark.  I understand the point you are trying to make, but without actual  numbers, the point is weightless.  It is pure assumption.

 

Not to mention, something like central auth could make this viable to large corporate customers, of which I have had multiple already drop the product due to lack of this basic functionality and they will bring far more than a monthly payment, they would easily pay for the dev hours.  Like I have mentioned, I offered $1000 as a small business, imagine what the large ones will offer.

 

You say you come from software, have you EVER had success with any user based system in a corporate environment with lack of LDAP/SSO/etc?  I have experience in this as well, and I am telling you no, the security team would rip the apart and forbid its use.

Edited by Untoten
Link to comment
Share on other sites

pir8radio

You keep making these unfounded number assumptions, your point is only valid if the numbers are even within the ballpark.  I understand the point you are trying to make, but without actual  numbers, the point is weightless.  It is pure assumption.

 

That number wont be published, emby is pretty top secret with their business plan.    They are educated assumptions, as you said. 

 

But the emby team didn't jump on your $1k offer, you have to wonder why?   Either 1k isn't a lot of money and it doesn't help them with their big picture goal, or there is an emby conspiracy going on here, and they just want to upset you.  I'm leaning toward number one. 

 

Ok ok, I know you really want this feature but you have to put some trust in the software company, be patient buddy.   I'm sure when they get to the level that emby starts being regularly requested in a corporate environment the feature will break through the minority bubble.  Have a little faith in the emby team.  :)

I'll stop commenting I don't want any bad blood. 

  • Like 1
Link to comment
Share on other sites

Untoten

That number wont be published, emby is pretty top secret with their business plan.    They are educated assumptions, as you said. 

 

But the emby team didn't jump on your $1k offer, you have to wonder why?   Either 1k isn't a lot of money and it doesn't help them with their big picture goal, or there is an emby conspiracy going on here, and they just want to upset you.  I'm leaning toward number one. 

 

Ok ok, I know you really want this feature but you have to put some trust in the software company, be patient buddy.   I'm sure when they get to the level that emby starts being regularly requested in a corporate environment the feature will break through the minority bubble.  Have a little faith in the emby team.  :)

I'll stop commenting I don't want any bad blood. 

No it's cool man, I respect what you said, but you know what I mean, it's hard to tell since neither of us know no exact numbers.  I have great faith in them, I defend them on other forums when people crap on their subscription model etc.  If I had no faith I would be throwing money at third parties, but I want a native, unforked solution.  

 

But you also see what I mean, that the other features are great, but they are expansions of the core.  This functionality is a gateway to even being a notion for real large clients. We both know, nothing other than a tiny business would even give this a thought knowing there is no central auth.

 

Sorry if I made you feel like you were making bad blood, I welcome critique, it helps me refine my request.

Edited by Untoten
  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...