Build service provider features into Archibus
We have more and more clients wanting to implement SAML via AWS, Azure or ADFS and Archibus only supports Legacy Header Based Authentication. We want to know (or suggest) if it's possible to build service provider features into Archibus.
Bring Archibus into current times and make it capable of Modern Authentication for user access. Else, we have to install and support Shibboleth-SP with every SAML request.
More and more of our clients are asking why ARCHIBUS does not use modern authentication. They have to apply for a dispensation to deviate from the prescribed minimum standards and requirements to have Shibboleth-SP installed and set up.
Have you had any requests regarding this, and will this be considered in future versions?

-
Scott Kelly commented
I've actually done this implementation. We've used it quite reliably for many years. At one point I'm sure I was one of the loudest voices in the "SAML must be integrated in with Archibus" crowd.
However - we're actually moving away from that and moving to request-header auth instead. It just makes more sense (for us at any rate) to offload all of that authentication to our ADC, the same way we're having our self-hosted clients offload that piece to Shibboleth-SP.
Really, it somewhat depends on how Archibus intends to be delivered as a product. In the current world, there's typically an entire architecture that surrounds an Archibus install - it's not just a standalone Windows .exe installer. You'll need Java, Tomcat, a Firewall, etc.
So today the more *modern* approach, imho, is actually to utilize that architecture for your authentication service provider. i.e. the current recommended approach of using Shibboleth.
-
Andrew Bailey commented
Agreed.