admin auth

cancel
Showing results for 
Search instead for 
Did you mean: 

admin auth

L1 Bithead

Any plans to allow various external authentication support (AD, SAML, etc)?

5 REPLIES 5

L7 Applicator

Hi @jchitsaz,

we have plans for SAML (https://github.com/PaloAltoNetworks/minemeld-core/issues/166), would that work ? 

LDAP auth (primarily msft) would be ideal along with SAML. I'd like to be able to restrict access to a group or groups within LDAP which SAML doesn't provide.

SAML would be ideal for us. Is there any early code we can test and/or contribute to?

Hi @Hugh.Kelley,

nope, but you can look into minemeld/flask/aaa*.py files to check the current mechanism. Why SAML?

SAML is best for me because we have the supporting infrastructure already in place.  Our SaaS apps still seem to use SAML more than other protocols like OIDC.

 

Thanks for the pointer about the /flask files.   I'm new to Flask but am thinking that a file like this (link below) could drop into MineMeld pretty easily and sit alongside the /login route  (it uses /loginsso).

 

flask/loginsso.py    # Full transparency - I have not tested this at all, just a mock up

 

I'll try to test some over the coming days.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!