https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/158825#M97130 <P>Any plans to allow various external authentication support (AD, SAML, etc)?</P> Wed, 31 May 2017 21:52:19 GMT jchitsaz 2017-05-31T21:52:19Z https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/158825#M97130 <P>Any plans to allow various external authentication support (AD, SAML, etc)?</P> Wed, 31 May 2017 21:52:19 GMT https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/158825#M97130 jchitsaz 2017-05-31T21:52:19Z https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/159146#M97131 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/18653">@jchitsaz</a>,</P> <P>we have plans for SAML (<A href="https://github.com/PaloAltoNetworks/minemeld-core/issues/166" target="_blank">https://github.com/PaloAltoNetworks/minemeld-core/issues/166</A>), would that work ?&nbsp;</P> Fri, 02 Jun 2017 12:25:31 GMT https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/159146#M97131 lmori 2017-06-02T12:25:31Z https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/159199#M97132 <P>LDAP auth (primarily msft) would be ideal along with SAML. I'd like to be able to restrict access to a group or groups within LDAP which SAML doesn't provide.</P> Fri, 02 Jun 2017 14:47:51 GMT https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/159199#M97132 chirss 2017-06-02T14:47:51Z https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/247130#M97134 SAML would be ideal for us. Is there any early code we can test and/or contribute to? Wed, 23 Jan 2019 12:56:10 GMT https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/247130#M97134 Hugh.Kelley 2019-01-23T12:56:10Z https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/247134#M97135 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/103867">@Hugh.Kelley</a>,</P> <P>nope, but you can look into minemeld/flask/aaa*.py files to check the current mechanism. Why SAML?</P> Wed, 23 Jan 2019 13:05:55 GMT https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/247134#M97135 lmori 2019-01-23T13:05:55Z https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/247356#M97136 <P>SAML is best for me because we have the supporting infrastructure already in place.&nbsp; Our SaaS apps still seem to use SAML more than other protocols like OIDC.</P> <P>&nbsp;</P> <P>Thanks for the pointer about the /flask files.&nbsp; &nbsp;I'm new to Flask but am thinking that a file like this (link below) could drop into MineMeld pretty easily and sit alongside the /login route&nbsp; (it uses /loginsso).</P> <P>&nbsp;</P> <P><A href="https://gist.github.com/hkelley/565a3d0e944b24486b7b78ce8897e218" target="_self">flask/loginsso.py</A>&nbsp; &nbsp; # Full transparency - I have not tested this at all, just a mock up</P> <P>&nbsp;</P> <P>I'll try to test some over the coming days.</P> Thu, 24 Jan 2019 13:34:56 GMT https://live.paloaltonetworks.com/t5/general-topics/admin-auth/m-p/247356#M97136 Hugh.Kelley 2019-01-24T13:34:56Z