Completed

Centralized Authentication Functionality (LDAP/SSO/HTML Header/RADIUS) [DEVELOPMENT STARTED]

LDAP SSO SAML SAML2 Authentication security radius

211 replies to this topic

#201 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 03:48 AM
  • Location: https://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 19 April 2018 - 02:19 PM

A new topic would probably be better, otherwise it's hard to assess the interest level for SSO vs LDAP. There could be a lot who are satisfied with what we've already done but that's difficult to measure.

Fair enough, I will try to separate all the information and likes in a different topic.  How hard would it be to just accept proxy/header auth?  That could be a simple SSO solution that would not require a full up-to-spec SAML implementation.

 

Thank you again for getting this done. With my poor luck, I flew out to Denmark the day you released it and have not had a chance to try it yet, haha.



#202 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 153204 posts
  • Local time: 05:48 AM

Posted 16 May 2018 - 02:41 PM

I've pushed an update to the LDAP plugin to allow you to specify the default libraries that an LDAP user should be given access to. Thanks!



#203 doug.dimick OFFLINE  

doug.dimick

    Member

  • Members
  • 22 posts
  • Local time: 01:48 AM

Posted 14 June 2018 - 12:41 PM

I'm trying to figure out where I can add my self-signed CA root cert so that I can use the LDAP plugin with SSL. In the Emby Docker image there's /etc/ssl/certs/ca-certificates.crt, but appending the certificate to that file doesn't appear to help. Where does Emby look for trusted CA certs?



#204 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 153204 posts
  • Local time: 05:48 AM

Posted 14 June 2018 - 12:49 PM

That's a good question. We haven't tested that sort of thing at this point.



#205 doug.dimick OFFLINE  

doug.dimick

    Member

  • Members
  • 22 posts
  • Local time: 01:48 AM

Posted 15 June 2018 - 11:38 AM

On another note, I generally permit LDAP users to log in using either their uid/username or their email address. Emby treats those as two separate accounts, though. It would be nice if I could tell Emby to use a specific LDAP field for the Emby-side account name. The below string works for authentication the way I want; I just wind up with both "doug" and "doug@my.org" as Emby accounts if I log in both ways.

 

User search filter:

(&(|(uid={0})(|(mailPrimaryAddress={0})(mail={0})))(memberof=cn=embyusers,cn=groups,cn=accounts,dc=my,dc=org))
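
The single-account behaviour requested in the post above, as an added example that is not part of the original thread and is not Emby's or the LDAP plugin's code: the typed login is escaped per RFC 4515, substituted into the posted filter, and the matching entry's uid is used as the account name, so both login forms land on one account. The directory entries are constructed, the function names are hypothetical, and a small in-memory evaluator (only `&`, `|` and equality) stands in for the LDAP server.

```python
import re

# The search filter from the post above; {0} is replaced with what the user typed.
FILTER = ("(&(|(uid={0})(|(mailPrimaryAddress={0})(mail={0})))"
          "(memberof=cn=embyusers,cn=groups,cn=accounts,dc=my,dc=org))")
GROUP = "cn=embyusers,cn=groups,cn=accounts,dc=my,dc=org"

# Constructed sample entries standing in for the directory (attribute names lower-cased).
DIRECTORY = [
    {"uid": ["doug"], "mail": ["doug@my.org"], "mailprimaryaddress": ["doug@my.org"], "memberof": [GROUP]},
    {"uid": ["ann"], "mail": ["ann@my.org"], "mailprimaryaddress": ["ann@my.org"], "memberof": []},
]

def escape(value):
    """RFC 4515 escaping so typed input stays a literal value inside the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def parse(f, i=0):
    """Parse the subset used here: (&...), (|...) and (attr=value). Returns (node, next index)."""
    if f[i + 1] in "&|":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry; equality is compared case-insensitively."""
    if node[0] in "&|":
        results = [matches(kid, entry) for kid in node[1]]
        return all(results) if node[0] == "&" else any(results)
    _, attr, value = node
    return value.casefold() in (v.casefold() for v in entry.get(attr, []))

def account_name(login, name_attr="uid"):
    """Resolve a typed login to one canonical account name, or None unless exactly one entry matches."""
    tree, _ = parse(FILTER.replace("{0}", escape(login)))
    hits = [e for e in DIRECTORY if matches(tree, e)]
    return hits[0][name_attr][0] if len(hits) == 1 else None
```

Here `account_name("doug")` and `account_name("doug@my.org")` both resolve to `doug`, while a login of `*` is compared as a literal asterisk and resolves to nothing.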


#206 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 153204 posts
  • Local time: 05:48 AM

Posted 15 June 2018 - 12:09 PM

Hi, yes I agree that's a good idea as well. Thanks.



#207 twinkybot OFFLINE  

twinkybot

    Advanced Member

  • Members
  • 81 posts
  • Local time: 11:48 AM

Posted 04 June 2019 - 04:56 AM

Nice work with the LDAP plugin :)

Working like a charm.



#208 metalcated OFFLINE  

metalcated

    Newbie

  • Members
  • 5 posts
  • Local time: 04:48 AM

Posted 30 August 2019 - 03:33 PM

LDAP works, but it's simple and only one authentication method. Regardless, kudos for making this happen! :)

 

I saw in the main thread 

  • SAML2 connector

Is that still something that is being considered? I would really like having that functionality to integrate Okta authentication as a means of logging in. Just curious. Thanks!



#209 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 153204 posts
  • Local time: 05:48 AM

Posted 30 August 2019 - 03:38 PM

 

LDAP works, but it's simple and only one authentication method. Regardless, kudos for making this happen! :)

 

I saw in the main thread 

  • SAML2 connector

Is that still something that is being considered? I would really like having that functionality to integrate Okta authentication as a means of logging in. Just curious. Thanks!

 

 

I guess first we need to understand the demand for that compared to just having LDAP. Can you open a feature request topic for this? That will allow us to better measure it. Thanks!



#210 metalcated OFFLINE  

metalcated

    Newbie

  • Members
  • 5 posts
  • Local time: 04:48 AM

Posted 30 August 2019 - 05:15 PM

I guess first we need to understand the demand for that compared to just having LDAP. Can you open a feature request topic for this? That will allow us to better measure it. Thanks!

 

https://emby.media/c...method-ie-okta/

 

Thanks!



#211 nt-it-team OFFLINE  

nt-it-team

    Member

  • Members
  • 10 posts
  • Local time: 09:48 AM

Posted 05 February 2020 - 06:32 AM

Hello,

 

Will the LDAP integration continue to work after the changes due in March regarding LDAP signing?

 

ref:

https://support.micr...ent-for-windows

https://www.pkisolut...-in-march-2020/



#212 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 153204 posts
  • Local time: 05:48 AM

Posted 05 February 2020 - 11:37 AM

Thanks for the info. I guess we'll find out as soon as we can test it. If it doesn't then we'll update the plugin.




