Jump to content


Photo
Completed

Centralized Authentication Functionality (LDAP/SSO/HTML Header/RADIUS) [DEVELOPMENT STARTED]

LDAP SSO SAML SAML2 Authentication security radius

  • Please log in to reply
211 replies to this topic

#41 ebr OFFLINE  

ebr

    Chief Bottle Washer

  • Administrators
  • 50827 posts
  • Local time: 04:52 AM

Posted 29 March 2017 - 12:11 PM

100...?


  • Spaceboy likes this

#42 Deathsquirrel OFFLINE  

Deathsquirrel

    Advanced Member

  • Members
  • 2077 posts
  • Local time: 01:52 AM

Posted 29 March 2017 - 12:37 PM

Let's keep it on topic, it was my mistake for bringing up other topics.

@Luke @ebr This FR is quickly approaching 100 endorsements by users, any timeline update? or a timeline at all?

 

Just FYI the top of the thread says 33 Likes.  That's actually quite a lot for a FR.  I have zero use for this feature but clearly it's a popular idea.


  • Untoten likes this

#43 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 02:52 AM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 29 March 2017 - 02:39 PM

100...?

Yes @ebr It is >80 right now and getting 1-2 more per week.  I took quite a bit of time listing all endorsements, you can see them on my first post, I listed all of them including counts for each location.

EDIT: It is also a year since I made this request that has been illustrated by the community is a high desire.  The biggest thing holding it back is SSL, which is really a necessity at this stage, especially with the DPI going on now.

Without SSL, passwords cannot be passed from client to server in plaintext, so even a hack together SSO solution is not possible without a complex pass-the-hash solution.


Edited by Untoten, 29 March 2017 - 04:16 PM.


#44 Spaceboy OFFLINE  

Spaceboy

    Advanced Member

  • Members
  • 4575 posts
  • Local time: 09:52 AM

Posted 29 March 2017 - 05:55 PM

100...?

Some serious double counting here. The GitHub and bounty pages are essentially identical users and posts

#45 Cerothen OFFLINE  

Cerothen

    Advanced Member

  • Members
  • 213 posts
  • Local time: 04:52 AM

Posted 29 March 2017 - 06:57 PM

Rule #1 of dev club don't ask for deadlines on features.

Rule #2 of dev club submit a pull request if rule one doesn't work for you

#46 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 02:52 AM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 30 March 2017 - 04:01 PM

Some serious double counting here. The GitHub and bounty pages are essentially identical users and posts

I gathered the information available to me, it is up to the Emby team to weigh its value, but thank you for your valuable input.

EDIT: Many of the usernames appear to be different, so I am unsure as to the basis of your assumption.
 

 

Rule #1 of dev club don't ask for deadlines on features.

Rule #2 of dev club submit a pull request if rule one doesn't work for you

I am not a dev, I am a paying customer that will pay much more if this is implemented.  It is the only real request I do and have ever cared about.  I am not asking an exact deadline, just an estimate of when it may even be started.  This is a completely reasonable request.


Edited by Untoten, 30 March 2017 - 04:03 PM.

  • Dibbes and Emby Tower like this

#47 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 02:52 AM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 31 March 2017 - 09:20 AM

@Luke @ebr When you finally do develop this perhaps thinking of offering it as a paid plugin as it is more of an enterprise request.  I would not be mad spending $50 for this feature as a plugin.  I know it can be a bitch, but I will pay a heavy bounty for this, plus the recurring revenue from others that purchase the plugin. 


Edited by Untoten, 31 March 2017 - 02:17 PM.

  • Dibbes likes this

#48 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 02:52 AM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 08 May 2017 - 11:23 AM

Like the original post and post +1 to show support for this feature :)


  • BS-FLiP likes this

#49 TedC OFFLINE  

TedC

    Member

  • Members
  • 16 posts
  • Local time: 04:52 AM
  • LocationOhio

Posted 10 May 2017 - 07:59 PM

I would love to integrate Emby into my home LDAP/AD authentication.


  • Dibbes, Emby Tower, Untoten and 2 others like this

#50 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 02:52 AM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 22 May 2017 - 08:39 AM

This would make me sooooo happy



#51 Magic815 OFFLINE  

Magic815

    Advanced Member

  • Members
  • 56 posts
  • Local time: 03:52 AM

Posted 17 June 2017 - 11:08 PM

+1000. Would love to see some progress on this.


  • Untoten likes this

#52 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 02:52 AM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 18 June 2017 - 12:23 AM

I even offered the Emby team $1000 to implement this. 


Edited by Untoten, 18 June 2017 - 12:51 AM.


#53 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 02:52 AM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 27 June 2017 - 03:27 PM

Bumpidy doo dah



#54 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 02:52 AM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 30 June 2017 - 12:27 AM

Bump

EDIT: Over 4000 views on this request now <3


Edited by Untoten, 12 July 2017 - 06:08 AM.


#55 lexisdude OFFLINE  

lexisdude

    Advanced Member

  • Members
  • 128 posts
  • Local time: 08:52 AM

Posted 21 July 2017 - 10:57 PM

bump!


  • Untoten likes this

#56 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 02:52 AM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 26 July 2017 - 11:27 PM

BUMP - This request is now 648 days old, no progress has been made.

~100 users want this, at the least.


Edited by Untoten, 26 July 2017 - 11:32 PM.


#57 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 02:52 AM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 27 July 2017 - 09:53 PM

It is something we would love to do, but first we need to get our offline sync and live tv features a little more mature. it is in our crosshairs though.

 

So it seems offline sync has been fixed and Live TV has made quite some progress, is there still more you wish to do with those @Luke? I think this feature has come up to queue. There are a few users that spoke up saying no LDAP stopped them from using this product and probably more that haven't spoken up. the user 'cervy1536' even made an account only to post this concern, it was that compelling to him.  It is the only post he has made in fact.


Edited by Untoten, 27 July 2017 - 09:54 PM.


#58 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 3409 posts
  • Local time: 03:52 AM
  • LocationChicago

Posted 27 July 2017 - 11:33 PM

Bump

EDIT: Over 4000 views on this request now <3

 

 

BUMP - This request is now 648 days old, no progress has been made.

~100 users want this, at the least.

 

    Lets say (hypothetically of course) emby has 90,000+ users 100 is 0.112% of that user base...   I personally want to see TV get fixed up.  All of my Comcast/Xfinity channels, I subscribe to, work in emby and I would love to switch over to emby for that 100%.  

 

What if you could use LDAP or SSO with your current IIS reverse proxy, but had to still enter the users in emby to set access and privs, but from then on out a SSO to get that user into the server, future password changes would occur in LDAP or windows?    As a workaround until the emby team can get to native ldap support.


Edited by pir8radio, 27 July 2017 - 11:34 PM.


#59 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 02:52 AM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 27 July 2017 - 11:37 PM

    Lets say (hypothetically of course) emby has 90,000+ users 100 is 0.112% of that user base...   I personally want to see TV get fixed up.  All of my Comcast/Xfinity channels, I subscribe to, work in emby and I would love to switch over to emby for that 100%.  

 

What if you could use LDAP or SSO with your current IIS reverse proxy, but had to still enter the users in emby to set access and privs, but from then on out a SSO to get that user into the server?    As a workaround until the emby team can get to native ldap support.

1) How many users are actually on the forum? Total users with the software is not a good indicator.  

 

2) What else on Live TV?  it has quite extensive functionality/stability.

 

3) How would that work?  I was thinking a basic authentication type workflow with an emby service account, but that would destroy user watched/progress tracking.  In the end, it is best to have native support, and user authentication using a universal supported protocol is something that should be a high priority before adding addition features, as it is a core functionality.

 

EDIT: So for #1 actually did a query, I was quite generous with my filters.  I only filtered by members who have posted in the past 2 years (which does not mean they ever saw this FR to begin with).  The query resulted in 6300 users, which is probably more accurately around a few thousand who are relevant at most (how many actually look at FR's.  Even at the full 6300, of the 100 endorsements, that is still over 1%, but I guarantee a great number of those users are not admins, or even at a level to run LDAP.  The point again is not how many people, that frankly does not matter, the central auth functionality is very powerful and could get large clients, I have had a few companies interested but scoffed at the lack of this functionality. 


Edited by Untoten, 27 July 2017 - 11:45 PM.


#60 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 3409 posts
  • Local time: 03:52 AM
  • LocationChicago

Posted 27 July 2017 - 11:43 PM

1) How many users are actually on the forum? Total users with the software is not a good indicator.  

 

2) What else on Live TV?  it has quite extensive functionality/stability.

 

3) How would that work?  I was thinking a basic authentication type workflow with an emby service account, but that would destroy user watched/progress tracking.  In the end, it is best to have native support, and user authentication using a universal supported protocol is something that should be a high priority before adding addition features, as it is a core functionality.

 

1) no clue, people not on the forum are probably happy with emby the way it is.....   I'm not on my LG refrigerator forum...  I like my fridge the way it is..

2) I personally find it still unstable, long time to tune, recordings sometimes have minor issues.   Its not as stable as my commercial DVR yet. just my opinion though.

3) No not a single user...   create different users with passwords that only IIS knows, and then control access with IIS.  Use the same form post login that you would normally use on the emby home page except iis is performing that task behind the scenes.. 


Edited by pir8radio, 27 July 2017 - 11:45 PM.






Also tagged with one or more of these keywords: Completed, LDAP, SSO, SAML, SAML2, Authentication, security, radius

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users