1ch_h4lt 6 Posted September 24, 2017 Share Posted September 24, 2017 Just want to Push this FR and want to add Radius Support! 2 Link to comment Share on other sites More sharing options...
Untoten 296 Posted September 26, 2017 Author Share Posted September 26, 2017 (edited) Just want to Push this FR and want to add Radius Support! I will add it to the original request post my friend! Make sure to like the first post, so it's all organized likes in one place @@1ch_h4lt Edited September 26, 2017 by Untoten 1 Link to comment Share on other sites More sharing options...
Untoten 296 Posted October 5, 2017 Author Share Posted October 5, 2017 Booompp 2 Link to comment Share on other sites More sharing options...
Untoten 296 Posted October 18, 2017 Author Share Posted October 18, 2017 2 year anniversary bump! 3 Link to comment Share on other sites More sharing options...
schmitty 61 Posted October 29, 2017 Share Posted October 29, 2017 I would like to see SSO, as a minimum implemented... as I use Organizr, which pulls user accounts from Emby to login with Emby credentials. Having SSO would enable people to sign into Organizr, then automatically login to Emby. 2 Link to comment Share on other sites More sharing options...
Dibbes 431 Posted November 6, 2017 Share Posted November 6, 2017 @@Untoten Did you get cake and candles for the 2yr anniversary? 3 Link to comment Share on other sites More sharing options...
Untoten 296 Posted November 12, 2017 Author Share Posted November 12, 2017 I would like to see SSO, as a minimum implemented... as I use Organizr, which pulls user accounts from Emby to login with Emby credentials. Having SSO would enable people to sign into Organizr, then automatically login to Emby. Make sure to like the first post for ease of tracking Ty for the support. Link to comment Share on other sites More sharing options...
mueslo 16 Posted November 22, 2017 Share Posted November 22, 2017 It'd be great to know if it's still on the radar of the main devs. I reiterate my promise to purchase a lifetime membership if this is implemented 1 Link to comment Share on other sites More sharing options...
Luke 37064 Posted November 23, 2017 Share Posted November 23, 2017 It is something we'd like to do in the future, yes. Link to comment Share on other sites More sharing options...
Haxorus 1 Posted November 23, 2017 Share Posted November 23, 2017 I would be neat to see the posters IP addresses, I bet a few of them have the same address....... Link to comment Share on other sites More sharing options...
Untoten 296 Posted November 25, 2017 Author Share Posted November 25, 2017 (edited) I would be neat to see the posters IP addresses, I bet a few of them have the same address....... Posters? I am not endorsing my own post if that is what you are alluding to, and Luke/EBR know that, I have kept regular contact with them. This is purely organic, but thank you for your concern. What I do find interesting though, is that you have made a total of 3 posts, all 3 of which are calling me into question for various reasons, weird. @@ebr @@Luke, anything strange going on there? On another note, let's keep this thread on topic. If you wish to add to the thought of this feature or endorse it, you are more than welcome Edited November 25, 2017 by Untoten Link to comment Share on other sites More sharing options...
mueslo 16 Posted November 26, 2017 Share Posted November 26, 2017 I can confirm I am not Untoten 2 Link to comment Share on other sites More sharing options...
Magic815 18 Posted November 27, 2017 Share Posted November 27, 2017 (edited) I am also not Untoten. I am just a user who wants to be able to incorporate Emby into a remotely accessible website, and have SSO work so that login credentials can be passed from the main website to Emby. @@Luke and @@ebr - You've stated you are interested in community feedback. Here is mine: If I hadn't already paid for Emby Lifetime Premiere, I would be switching to Plex solely for the lack of SSO in Emby. I made the tough decision to give the "little guy" a chance a little over a year ago, instead of just going with Plex. Unanswered requests like this make me regret my decision. You can wave your hands and call me a "power user," but the fact remains that you are allowing a portion of your highest paying customers regret sticking with you over Plex. And with every day a thread like this goes unanswered, that group of users grows. Edited November 27, 2017 by Magic815 2 Link to comment Share on other sites More sharing options...
Dibbes 431 Posted December 4, 2017 Share Posted December 4, 2017 (edited) Last time I checked I wasn't Untoten either, but I would really love to see this. It's not my highest priority though, as I'd love to get the eBooks/Comics and a few issues first, but yes, it's fairly high up there Once these things are fixed, I'll probably go ahead and either get a 2nd server subscription or a 25 device plus license if the multi-server request is finally implemented. Edited December 4, 2017 by Dibbes 2 Link to comment Share on other sites More sharing options...
Untoten 296 Posted December 4, 2017 Author Share Posted December 4, 2017 Last time I checked I wasn't Untoten either, but I would really love to see this. It's not my highest priority though, as I'd love to get the eBooks/Comics and a few issues first, but yes, it's fairly high up there Once these things are fixed, I'll probably go ahead and either get a 2nd server subscription or a 25 device plus license if the multi-server request is finally implemented. While I do not think they should charge 25 a device, cause that would suck lol. I too, will donate. I said $1000 originally if it is implemented, but depends how many years it will take. But I will donate a large amount if they do this, it is critical to me. 1 Link to comment Share on other sites More sharing options...
Dibbes 431 Posted December 4, 2017 Share Posted December 4, 2017 No, I meant the 45 lifetime as per: https://emby.media/premiere-ext.html 1 Link to comment Share on other sites More sharing options...
otispresley 81 Posted December 5, 2017 Share Posted December 5, 2017 There are obviously quite a few users wanting this feature. In fact, Emby is the only thing on my network that I cannot use AD to sign into. I use it to log into my router, switch, Windows Server, PC's and shares, Linux server, and Nextcloud. Out of curiosity, why is this not a higher priority with all the support it is getting? Is it a code issue that requires significant change to the authentication module, or something else? The change should just be server side as the clients do not need to know how they are being authenticated by the server. 1 Link to comment Share on other sites More sharing options...
Dibbes 431 Posted December 6, 2017 Share Posted December 6, 2017 (edited) There are obviously quite a few users wanting this feature. In fact, Emby is the only thing on my network that I cannot use AD to sign into. I use it to log into my router, switch, Windows Server, PC's and shares, Linux server, and Nextcloud. Out of curiosity, why is this not a higher priority with all the support it is getting? Is it a code issue that requires significant change to the authentication module, or something else? The change should just be server side as the clients do not need to know how they are being authenticated by the server. It's a little more complicated than that. Next to the modification to the server itself, all the apps need to be modified and adapted and the Emby-Connect part is going to have to be rewritten entirely... it's not something that you can implement in a week or two. Edited December 6, 2017 by Dibbes 1 Link to comment Share on other sites More sharing options...
Untoten 296 Posted December 6, 2017 Author Share Posted December 6, 2017 (edited) It's a little more complicated than that. Next to the modification to the server itself, all the apps need to be modified and adapted and the Emby-Connect part is going to have to be rewritten entirely... it's not something that you can implement in a week or two. That is not exactly true. For instance, I do not use Emby connect, I use local users. The only thing that the apps would need to change is the way it sends the password. Right now, Emby apps send a hashed password as protection since SSL is not default. But for those of us who have pushed SSL via reverse proxy tunnel this is not needed. All the app would need to be changed to do is to have the ability to send the credentials plaintext based on the server's configuration/preferences. Besides that, all the emby app knows it that is sent credentials and either received an OK response or a incorrect credentials response from the server. The app does not know what the server does on the backend for authentication so it would be quite easy from a perspective of modifying the app. As for modifying the server, SAML2 is documented quite well and especially for the .NET version, would not be a very complex implementation. Obviously the server may take some debugging once it is developed with an LDAP/SAML2/HTTP Header auth connector, but the app will be quite simple. My previous employer undertook implementing this connector on our flagship product and it took one developer 3 days to finish and debug. Edited December 6, 2017 by Untoten Link to comment Share on other sites More sharing options...
Dibbes 431 Posted December 6, 2017 Share Posted December 6, 2017 And there we have the issue. I do use connect and then there is the VPN option for the Mac user and a Linux user in the family.Also, didn't I read somewhere that SAML2 and .net core does not yet fully function, especially not with Linux servers? Link to comment Share on other sites More sharing options...
Untoten 296 Posted December 6, 2017 Author Share Posted December 6, 2017 And there we have the issue. I do use connect and then there is the VPN option for the Mac user and a Linux user in the family. Also, didn't I read somewhere that SAML2 and .net core does not yet fully function, especially not with Linux servers? Connect would be untouched, this would only need to effect local user auth. There would be no reason to touch connect. Please list it, I will read it, but the protocol is quite uniform so I would be surprised if that was anything more than a bug. Every result I see seems to reflect a functional relationship: https://www.google.com/search?q=saml2+.net&oq=saml2+.net&aqs=chrome..69i57j0l5.3282j0j7&sourceid=chrome&ie=UTF-8 Link to comment Share on other sites More sharing options...
Dibbes 431 Posted December 6, 2017 Share Posted December 6, 2017 It would make things easier if .net core was now fully supported. I'm not up to date on this at all. I haven't run into this for a while, professionally speaking. Link to comment Share on other sites More sharing options...
ebr 14912 Posted December 7, 2017 Share Posted December 7, 2017 The only thing that the apps would need to change is the way it sends the password. Right now, Emby apps send a hashed password as protection since SSL is not default. But for those of us who have pushed SSL via reverse proxy tunnel this is not needed. All the app would need to be changed to do is to have the ability to send the credentials plaintext based on the server's configuration/preferences. FYI - this part of the process is already in progress but we need to allow time for all apps to adjust. But then, there is a lot more work that would have to be done on the server side. 2 Link to comment Share on other sites More sharing options...
Untoten 296 Posted December 8, 2017 Author Share Posted December 8, 2017 FYI - this part of the process is already in progress but we need to allow time for all apps to adjust. But then, there is a lot more work that would have to be done on the server side. The nice thing afterward is with users and auth standardized, it will make all user/auth FR's incredibly easy to scale and work with like groups etc. 2 Link to comment Share on other sites More sharing options...
James W 7 Posted December 19, 2017 Share Posted December 19, 2017 I hope this is implemented at some point. Central user management is an amazing feature to have. I really want to keep the user&password combo the same across all the services I have. It also brings much more functionality like password complexity requirements, account lockout, group management, feature access and limitations, the list could go on and on. I have not really looked at the code much or the side projects that start to get this ready. A plugin or server implementation would be great to bring this functionality. Currently all my users are not allowed to view profile settings and I have made their passwords complex to avoid a security breach. I cannot let them have their own passwords as they can create anything right now. Is there some way to allow LDAP auth from whatever devices would be easy to support and keep old apps on the basic login for compatibility? I know it is not the best practice for the long run but could it be an option? 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now