similar to: External auth

We have just published a neat little toolkit for those of you who are interested in SAML-enabling your enterprise application. SAML is a standards-based single sign-on protocol, which allows an identity provider to securely log users into an application without a password. Some of the advantages of SAML that you avoid passwords altogether and can centralize access control at your identity

Practically speaking, most popular IAM and SSO solutions offer OIDC SAML tokens but do not offer Kerberos tickets.? OpenID Connect is a standard which itself is based on RFC6749 (OAuth2). This provides a compelling reason to support it in addition to Kerberos.? I'll also note that OIDC tokens are easy to validate without a bidirectional trust relationship between the IdP and RP. SSH

Hi, In my journey to enable SAML auth for our webmail (sogo.nu) I have created a password-less dovecot imap listener on 127.0.0.1/32, so that once a user is SAML authenticated for the SOGo webmail, SOGo can connect to dovecot on 127.0.0.1:143 with something like "01 LOGIN username randompassword". Watching this (tcpflow) as it happens,i can see the following auth attempt coming from

Hello everyone, I received a somewhat strange and complicated demand today. The idea of the manager is to use samba as a domain server but the directory tree (authentication and authorization of users) is on an external SAML server using keycloak. The samba will pass only GPO. Is this possible? As far as I've seen samba works the version of Windows Active Directory as well, and I've

thanks, I believe I will need to do an Adfs for this kind of authentication. I found nothing in documented about federation service, is it possible to do samba? Thiago Em sex, 11 de out de 2019 00:16, Andrew Bartlett <abartlet at samba.org> escreveu: > On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba > wrote: > > Hello everyone, > > I received a

Hi, I would like to have two seperate imap listeners, with different authentication settings, but the mailstore and userbase etc will be identical. I know I can do this: > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imap2 { > port = 144 > } > } But I'm unsure how to configure imap/143 with "driver =

Is there any information iI can grab on implementing MFA via the samba 4 AD? Perhaps via the Okta API or SAML? JD

It's very difficult at least. I can't instantly think any sensible way forward, but you might be able to get somewhere using %a variable. Aki > On December 31, 2016 at 11:38 AM mj <lists at merit.unu.edu> wrote: > > > Hi, > > Does the lack of replies mean that what I'm asking is not possible? > > (or am I missing something SO obvious that nobody

Or. maybe it is the holidays and people actually have a life? On December 31, 2016 4:38:53 AM EST, mj <lists at merit.unu.edu> wrote: >Hi, > >Does the lack of replies mean that what I'm asking is not possible? > >(or am I missing something SO obvious that nobody bothers to point it >out..?) > >MJ > >On 12/29/2016 09:23 PM, mj wrote: >> Hi, >>

> Le 9 juil. 2020 ? 19:26, Bernhard Dick via samba <samba at lists.samba.org> a ?crit : > > ?Hi, > >> Am 02.07.2020 um 17:23 schrieb Martin Hauptmann via samba: >> Sorry if I didn't find the right manual. >> I would like to set up a new Domain Controller and connect it to an existing Office 365 with Exchange in a way, AD-Users of a certain group can login

Hi, Is it possible to query an Exchange server for its user list via ADFS using samba? I'm interested in integrating this support with postfix on my fedora system instead of having to maintain the list in Exchange and the list as a map in postfix. I really don't know much about Exchange and whether/how this would work. Is it secure? Is LDAPS an alternative? Is it secure? Thanks, Alex

Hello, I'm using various password databases (one of them is a ldap database, which is the used for users connecting with email clients, and the other with pam, using a pam module integrated with our SSO that is used from our webmail). I would like to disable password caching in my pam database (because 'passwords' provided by our SSO are single use tokens, so caching them has no

Hi, I'm considering migrating away from gmail for my (one-man) company, and I'm trying to decide if dovecot is the right option (I'm committed to self-hosting). I'm a developer, so happy to do my own tooling if needed. *Is there currently a good webmail interface to dovecot, or work-in progress?* If not, would a web interface be out-of-scope for dovecot? I want to use SAML for

On 03/28/2016 05:05 PM, aki.tuomi at dovecot.fi wrote: > >> On March 28, 2016 at 5:43 PM Phil Lello <phil at dunlop-lello.uk> wrote: >> >> >> Hi, >> >> I'm considering migrating away from gmail for my (one-man) company, and I'm >> trying to decide if dovecot is the right option (I'm committed to >> self-hosting). I'm a

On 3 Dec 2016, at 20.47, mj <lists at merit.unu.edu> wrote: > > Hi, > > In my journey to enable SAML auth for our webmail (sogo.nu) I have > created a password-less dovecot imap listener on 127.0.0.1/32, so that > once a user is SAML authenticated for the SOGo webmail, SOGo can connect to dovecot on 127.0.0.1:143 with something like "01 LOGIN username

On 03/21/2018 10:34 PM, @lbutlr wrote: > The question is does it allow remote users to login with no password? Yes, and the answer is: no. > If not, then the message ie nearly notification that login without a password is potentially possible. Yes, but a worrying one. That's why i decided to post here. > I have no idea why you would have nopassword=y set in the first place, so it

I have been trying to get SSO to work correctly with the following packages, and I appear I am missing something and I was wondering if anyone can help me or point me in the right direction? I am currently using the "auth_ntlm_winbind_module" for apache to try and authenticate and was hoping to get SSO to work. I have gone through all the steps on SEVERAL sites trying to figure out how

I've got a new CentOS 7 server going into a remote location. I have local servers that authenticate against Active Directory (2012 if it matters) using winbindd. I'd like to have some method of using AD on the remote server, but I need to be able to access it if the network path to the AD servers is down. sssd caching won't do AFAIK (since that's just a cache that times out).

Hi, I interested in some Ruby libraries to do SSO with Rails. I have found one for openID. I am looking for something similar for Liberty Alliance and/or SAML. Is anyone aware of some on-going effort in this direction? regards, -- Arnaud Sahuguet -------------- next part -------------- An HTML attachment was scrubbed... URL:

On Tue, 31 May 2016, Alex wrote: > Hi, > > Is it possible to query an Exchange server for its user list via ADFS > using samba? > > I'm interested in integrating this support with postfix on my fedora > system instead of having to maintain the list in Exchange and the list > as a map in postfix. > > I really don't know much about Exchange and whether/how this