Jump to content

Centralized Authentication Functionality (LDAP/SSO/HTML Header/RADIUS) [DEVELOPMENT STARTED]


Untoten

Recommended Posts

drashna

That number wont be published, emby is pretty top secret with their business plan.    They are educated assumptions, as you said. 

 

But the emby team didn't jump on your $1k offer, you have to wonder why?   Either 1k isn't a lot of money and it doesn't help them with their big picture goal, or there is an emby conspiracy going on here, and they just want to upset you.  I'm leaning toward number one. 

 

Ok ok, I know you really want this feature but you have to put some trust in the software company, be patient buddy.   I'm sure when they get to the level that emby starts being regularly requested in a corporate environment the feature will break through the minority bubble.  Have a little faith in the emby team.  :)

I'll stop commenting I don't want any bad blood. 

 

You're forgetting option #3, that $1k is a good chunk of money, but doesn't cover even a fraction of the time that it would take to implement the feature, or even test it.  And that the demand for it is a very, very small fraction of the community.

So implementing such a massive code change isn't worth the pittance that has been offered, and the team has decided to work on features that will actively benefit the software and user base much more.

 

 

Seriously, if this is such a massive thing that you'd offer $1k, why not fork it and add it yourself?   And once you've done that, request for the change to be merged. 

 

If you're not willing to do that, then understand that this isn't YOUR software. You're just using it. It's the emby team's software.  

 

 

No it's cool man, I respect what you said, but you know what I mean, it's hard to tell since neither of us know no exact numbers.  I have great faith in them, I defend them on other forums when people crap on their subscription model etc.  If I had no faith I would be throwing money at third parties, but I want a native, unforked solution.  

 

But you also see what I mean, that the other features are great, but they are expansions of the core.  This functionality is a gateway to even being a notion for real large clients. We both know, nothing other than a tiny business would even give this a thought knowing there is no central auth.

 

Sorry if I made you feel like you were making bad blood, I welcome critique, it helps me refine my request.

 

The notion that this software would be used at an enterprise level, let alone any business level is .... humorous at best. The aim and intent is clearly consumer, and I doubt that the tem would want to deal with larger business demands.   This is separate from OEM stuff.   And that it lacks LDAP support is an indication of that as well.

 

Yes, this feature would be nice.  But don't kid yourself. This isn't a business solution.

Link to comment
Share on other sites

This change can only be done by us because it requires all of the apps to be changed as well, and the apps are mostly closed source.

Link to comment
Share on other sites

Untoten

You're forgetting option #3, that $1k is a good chunk of money, but doesn't cover even a fraction of the time that it would take to implement the feature, or even test it.  And that the demand for it is a very, very small fraction of the community.

So implementing such a massive code change isn't worth the pittance that has been offered, and the team has decided to work on features that will actively benefit the software and user base much more.

 

 

Seriously, if this is such a massive thing that you'd offer $1k, why not fork it and add it yourself?   And once you've done that, request for the change to be merged. 

 

If you're not willing to do that, then understand that this isn't YOUR software. You're just using it. It's the emby team's software.  

 

 

 

The notion that this software would be used at an enterprise level, let alone any business level is .... humorous at best. The aim and intent is clearly consumer, and I doubt that the tem would want to deal with larger business demands.   This is separate from OEM stuff.   And that it lacks LDAP support is an indication of that as well.

 

Yes, this feature would be nice.  But don't kid yourself. This isn't a business solution.

Listen, I get your points and I respect/appreciate your input, but as luke has said, this is not really possible without their support, we cannot change the functionality of the close source apps. As I previously mentioned, I had tried to recruit my own devs (3 so far) to task this, to which I was made fully aware of the migraine this would cause without it being natively supported by Emby team

 

And again, you argue how many users will want this, which I have already addressed, any admin running ldap+emby has far more users than regular light admins, so this number is skewed.

 

I think another thread as to the types of customers they support would be more suitable so this does not get off topic, but I will just say I have had 5 corporate customers consider this product but turned it down due to lack of this functionality. (Movie license owners and product placement) So it is a viable business use.  

 

I offered the $1000 to show my more than just forum support, I would give more if it was viable motivation.  But let us concentrate on the feature, really only Emby knows in the end the numbers.  I just want this feature, and wanted to organize the support.

Edited by Untoten
Link to comment
Share on other sites

Jdiesel

Just a comment I would like to make.

 

I consider myself a fairly technology savy person who operates a server with multiple services for multiple users. I know a fair amount about networking, software, and hardware but would by know means consider myself and expert in any area. That being said without googling it I have no idea what LDAP is let alone how it would improve my Emby experience. Now if I, a self proclaimed Emby power user, has no idea about the benefits LDAP would bring I would be willing to bet the average Emby user is even less likely to want it or even know how to use it. I don't doubt this is useful feature to a select few people but I don't think using likes on the forum or GitHub as a gauge for demand is the best representation. The Emby team knows their market better than us "powerusers" and I'm sure that they will get around to it eventually. In the meantime features like Live TV on the Apple TV, server packages for NAS devices, offline playback, or any other feature that is likely to be used by the masses and give them reason to pay for Emby Premiere will likely be priority for the Emby team.

Edited by Jdiesel
  • Like 1
Link to comment
Share on other sites

Dibbes

Yes, this feature would be nice.  But don't kid yourself. This isn't a business solution.

 

It isn't an Enterprise solution as it lacks scalability, however with (a lot of) work, there are possibilities. Various requests were already made, including MSSQL/MySQL support, this particular request and a few others. If it is a business solution or not would be up to the particular business. I can see uses for VOD within businesses as it pretty much integrates with current BYOD policies, etc. There aren't a lot of platforms with this amount of support for this money.

 

 

That being said without googling it I have no idea what LDAP is let alone how it would improve my Emby experience. 

 

In short, integration with an Active Directory infrastructure. How it would improve your particular experience? I have no clue, as I don't know how you're using Emby.

Link to comment
Share on other sites

Untoten

Just a comment I would like to make.

 

I consider myself a fairly technology savy person who operates a server with multiple services for multiple users. I know a fair amount about networking, software, and hardware but would by know means consider myself and expert in any area. That being said without googling it I have no idea what LDAP is let alone how it would improve my Emby experience. Now if I, a self proclaimed Emby power user, has no idea about the benefits LDAP would bring I would be willing to bet the average Emby user is even less likely to want it or even know how to use it. I don't doubt this is useful feature to a select few people but I don't think using likes on the forum or GitHub as a gauge for demand is the best representation. The Emby team knows their market better than us "powerusers" and I'm sure that they will get around to it eventually. In the meantime features like Live TV on the Apple TV, server packages for NAS devices, offline playback, or any other feature that is likely to be used by the masses and give them reason to pay for Emby Premiere will likely be priority for the Emby team.

You are a power user who is tech savvy but you do not know what LDAP (circa 1997) or SSO are?!?! I do not think you are quite the audience this would apply to to be giving a sample of, LDAP is a VERY basic concept, and  many power users (admins) do know what it is and if not, they will quickly learn when it is offered as a function and realize its power.  

 

 If you read the first post, outlining this feature, it would be quite clear:

Context: I am trying to use something like openfire as a Instant Messaging solution which already supports LDAP and SAML2.  So this would allow the current user of emby to seamlessly use web-based instant messenger with the same username and password as Emby without the need to enter them into a form.  This would also allow universal login to be shared with my home PC's, Spiceworks, Ombii, Organizr, etc.  The multitude of possible flexible functionality this could add is truly incredible.

 

 

Again, if you read through this whole thread, you would see the discussion me and EBR had, that there is no way for them to compare the demand for this function vs others, because there is no way to measure how many end users would like a single credential for all services, there is simply no way, there is no dialogue box that asks, no plugin that exists they could measure usage of, it's simply not possible.  But it is very clear from adoptions of any successful technology, that it has quicly become a standard.

 

Right now Emby is highly proprietary and sandboxed, uncooperative with other services as there is no way to interact with the authentication that would allow it to be part of a multi-service solution.  In fact, I have 35 services offered to my users, but Emby is the only one with proprietary auth, no self-service for password reset, user invite, user groups, mass user management or anything of the sort.  It is its own product that causes a huge headache from an administrative standpoint and my users have begun asking for a better solution due to these heavy contraints.  I have been promising them this should be in the near horizon for 2 years now, but I may have to jump ship for something like streama or another solution that supports SSO/LDAP if this is continued to be put on the backburner.  I have done everything I can.

Edited by Untoten
  • Like 2
Link to comment
Share on other sites

Deathsquirrel

Right now Emby is highly proprietary and sandboxed, uncooperative with other services as there is no way to interact with the authentication that would allow it to be part of a multi-service solution.  In fact, I have 35 services offered to my users, but Emby is the only one with proprietary auth, no self-service for password reset, user invite, user groups, mass user management or anything of the sort.  It is its own product that causes a huge headache from an administrative standpoint and my users have begun asking for a better solution due to these heavy contraints.  I have been promising them this should be in the near horizon for 2 years now, but I may have to jump ship for something like streama or another solution that supports SSO/LDAP if this is continued to be put on the backburner.  I have done everything I can.

 

I think it's good to realize that the fact that this description runs entirely counter to what their goals are in this project is probably a big part of why this hasn't happened.  This project seems to be focused on making and selling a powerful, flexible, easy to use home media server.  The freaking Duggars don't have 35 'users' at home ;)

  • Like 1
Link to comment
Share on other sites

pir8radio

I think it's good to realize that the fact that this description runs entirely counter to what their goals are in this project is probably a big part of why this hasn't happened.  This project seems to be focused on making and selling a powerful, flexible, easy to use home media server.  The freaking Duggars don't have 35 'users' at home ;)

 

Ha, I had to google Duggars...  :)

Link to comment
Share on other sites

  • 3 weeks later...
Untoten

Interesting fact, I have made 25+ FR over the past 2+ years, not a single one has been implemented.  Amazing.

Link to comment
Share on other sites

mastrmind11

Interesting fact, I have made 25+ FR over the past 2+ years, not a single one has been implemented.  Amazing.

Learn to code.

  • Like 1
Link to comment
Share on other sites

Dibbes

Interesting fact, I have made 25+ FR over the past 2+ years, not a single one has been implemented.  Amazing.

Some of mine actually have been, so can't complain there...

 

 

Learn to code.

 

Coding is not for everyone, just as speaking various languages fluently without foreign accent isn't for everyone...

  • Like 1
Link to comment
Share on other sites

mastrmind11

 

Coding is not for everyone, just as speaking various languages fluently without foreign accent isn't for everyone...

Coding is for everyone, assuming one has the motivation to learn to code.  Similar to learning a foreign language...  

Link to comment
Share on other sites

Tur0k

+1!!! I would love to see this integrate with M$ AD via LDAP or RADIUS services.

 

 

Sent from my iPhone using Tapatalk

  • Like 1
Link to comment
Share on other sites

mueslo

I'd love this as well. If this gets implemented, I pledge to buy a lifetime subscription. I have a variety of services running on my homelab for family and friends, but only emby requires manual user creation, the rest gets authed via ldap (FreeIPA).

  • Like 1
Link to comment
Share on other sites

  • 3 weeks later...
utah-dave

I think this would be supper nice to have. I have asked about it on and off for a few years now. When you run a full domain and trying to connect all your software, file sharing, printing, remote assess even GPO policies having a part of the AD would in my option open so many more doors for emby. I was talking with one of the coders for PLEX and he made mention they were working on something on their end for the AD. I have been with emby for years now I mean way back with it was media browser. I would love to see you guys beat PLEX out the door with this. I am open to help  in beta testing or what is needed to help.

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...
KMBanana

Also pledging to buy Premium if this gets integrated.

 

I don't actually even need central sign on, I'd be satisfied if I could use my reverse proxy's http basic authorization to process the login and pass the information through to the Emby server.  

  • Like 1
Link to comment
Share on other sites

I'd be satisfied if I could use my reverse proxy's http basic authorization to process the login and pass the information through to the Emby server.  

 

The main question is we'd have to look at all the really primitive platforms like roku and all the smart tv's to make sure they can accommodate that.

  • Like 1
Link to comment
Share on other sites

KMBanana

The main question is we'd have to look at all the really primitive platforms like roku and all the smart tv's to make sure they can accommodate that.

Yeah, having to support all the different devices and platforms obviously makes making changes like this significantly more complicated. 

 

I saw a recent comment from you that you were going to be updating the credential API and storage to move to bcrypt over the next 6 months so I thought it was a good time to mention my request.  

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...