Jump to content


Photo

SSL Integration/Support

SSL Encryption LDAP SSO secure

  • Please log in to reply
21 replies to this topic

#1 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 17 April 2016 - 10:14 PM

Status:  Initiated Blueprint

  • Luke has investigated this, unclear the progress on universal development.  App devs have not begun dev for this.  Once Luke builds core compatibility it may be 3+ months before app/client SSL adoption.
  • Spread the word!  Let's make it known how many Emby users would love to see this feature!

I have seen scattered, unorganized requests for this that seemed to die, so this will serve to centralize all support for SSL and to track responses/feedback.

 

This is to request Emby support SSL, both app and web client to server.

This would be for Emby Connect setups as well as local user setup.

Current Plan:

Utilize Lets Encrypt (https://letsencrypt.org/) to allow automated endoint encryption.  Luke is currently looking for members that may be able to help automate this at server endpoints.  

Possible Solutions include subdomains for each client (ex. customer.emby.media) or custom domains for each customer such as DyDNS.

 

Reasons for this:

  • Secure activity/traffic between client and server
  • Allows passwords to be passed plain text from client to server.
  • Would allow development of SSO/LDAP authentication solutions.  Please see and support our topic linked below:

 

What is done:

  • Enhanced SSL support on mobile application

 

What is needed:

  • Core universal SSL support
  • App supported SSL
  • Web-app supported SSL
  • Authentication passed over SSL to allow plaintext passwords

Edited by Untoten, 21 November 2016 - 11:46 AM.

  • Dibbes, PhinkBig, fonzie and 5 others like this

#2 Beardyname OFFLINE  

Beardyname

    Advanced Member

  • Alpha Testers
  • 944 posts
  • Local time: 04:03 AM

Posted 18 April 2016 - 02:15 PM

ssl is already available (have been running this for 6+ months or so)

 

Are you asking it to be a built in valid cert? like letsencrypt, or would just like emby connect to implement it and make it valid somehow?



#3 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 153192 posts
  • Local time: 11:03 PM

Posted 18 April 2016 - 03:23 PM

Before we can pursue LDAP, ssl has to work out of the box for all users without any complicated setup, so that's what this thread is about.


  • Untoten likes this

#4 Beardyname OFFLINE  

Beardyname

    Advanced Member

  • Alpha Testers
  • 944 posts
  • Local time: 04:03 AM

Posted 21 April 2016 - 03:22 PM

gotcha!


  • Untoten likes this

#5 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 11 October 2016 - 04:20 AM

BUMP!!  Very useful for a lot of features, could allow plaintext auth to be sent as TLS would be existent.



#6 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 04 January 2017 - 03:12 PM

@Luke @ebr

I was told almost 6 months ago this was a top priority, is there any update?  SSL is quite important in this day and age and would open the dorr for many improvements.



#7 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 13 January 2017 - 11:14 AM

@Luke @ebr

Any updates/timeframe on this?  I know there are plenty of users that have been asking about this and have had to resort to custom work-arounds.

 



#8 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 26 January 2017 - 03:52 PM

@Luke @ebr Updates?  Progress?



#9 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 31 March 2017 - 09:18 AM

@Luke @ebr, remember I will pay considerable cash for this.  We all know SSL is becoming a necessity, especially with recent legislation.



#10 chef ONLINE  

chef

    Advanced Member

  • Developers
  • 4590 posts
  • Local time: 11:03 PM
  • LocationPeterborough, Canada

Posted 31 March 2017 - 10:57 AM

Although my coding skill are relatively new regarding web development, certificates. I have some limited understanding on how to use OpenSSL and have worked with LetsEncrypt briefly.
Is there something I can do?
I have a feeling that this is nessessary for some new developments in emby.
  • Untoten likes this

#11 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 01 April 2017 - 06:45 AM

Although my coding skill are relatively new regarding web development, certificates. I have some limited understanding on how to use OpenSSL and have worked with LetsEncrypt briefly.
Is there something I can do?
I have a feeling that this is nessessary for some new developments in emby.

I would contact @Luke and @ebr, they seem to really need assistance with this based upon how long it has been.

Maybe this would help as a jumping off point?  https://github.com/DirtyJerz/embyDDNS

SSL is really a necessity and I am shocked it has taken this long to be honest.



#12 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 153192 posts
  • Local time: 11:03 PM

Posted 01 April 2017 - 03:03 PM

I would contact @Luke and @ebr, they seem to really need assistance with this based upon how long it has been.

Maybe this would help as a jumping off point?  https://github.com/DirtyJerz/embyDDNS

SSL is really a necessity and I am shocked it has taken this long to be honest.

 

We already support SSL, we just do not obtain a domain for users and therefore a more trusted cert.



#13 dcook OFFLINE  

dcook

    Advanced Member

  • Members
  • 866 posts
  • Local time: 11:03 PM

Posted 01 April 2017 - 03:27 PM

@Untoten what is the issue?  

 

SSL is already supported, just put in your certificate



#14 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 01 April 2017 - 04:27 PM

@Untoten what is the issue?  

 

SSL is already supported, just put in your certificate

Not universally.  Not across all applications, so passwords are encrypted on client side.  Meaning SSO and LDAP are not currently possible.  This needs to be deployed universal so the authentication workflow can be altered.



#15 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 27 April 2017 - 10:26 AM

This is still greatly inhibiting my deployment.  Not only that, but TLS is absolutely necessary for Emby.



#16 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 16 June 2017 - 04:38 AM

@Luke @ebr any updates on progress?



#17 ebr OFFLINE  

ebr

    Chief Bottle Washer

  • Administrators
  • 50827 posts
  • Local time: 11:03 PM

Posted 16 June 2017 - 09:15 AM

You will definitely hear from us when we have something to report.  Thanks.



#18 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 16 June 2017 - 10:03 AM

For transparency's sake and community collaboration, do you have a current status of the request?  Perhaps a done/to do list?

EDIT: Grammar


Edited by Untoten, 16 June 2017 - 10:04 AM.


#19 Magic815 OFFLINE  

Magic815

    Advanced Member

  • Members
  • 56 posts
  • Local time: 10:03 PM

Posted 17 June 2017 - 11:04 PM

+1 on this. Sad to see such lack of development on SSL, LDAP, and SSO.

 

Starting to regret the decision to go with Emby Premiere based on how some of the most popular requests take years to be implemented. I'm looking at you, modifiable landing tab.


  • Untoten likes this

#20 Untoten OFFLINE  

Untoten

    Advanced Member

  • Members
  • 425 posts
  • Local time: 09:03 PM
  • Locationhttps://emby.media/community/index.php?/topic/26495-centralized-authentication-functionality-ldapssohtml-header/

Posted 18 June 2017 - 12:22 AM

+1 on this. Sad to see such lack of development on SSL, LDAP, and SSO.

 

Starting to regret the decision to go with Emby Premiere based on how some of the most popular requests take years to be implemented. I'm looking at you, modifiable landing tab.

Same, I hate that my requests are passified so often, even for a simple request like transparency.







Also tagged with one or more of these keywords: SSL, Encryption, LDAP, SSO, secure

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users