Add Generic/default SAML IdP integration for SSO - even better add OIDC support
- What is the problem that this feature would fix?
We cannot integrate our on-prem IdP (RedHat KeyCloak) with Cerberus for SSO purposes, since only specific large cloud vendors are supported (Entra & Okta).
- Why is it a problem?
It is a large problem for us since we already have AAA processes running with SAML or OIDC with standard functionality (not bound to a specific vendor) and a standard login authentication process that utilizes one central corporate TOTP policy. We don't want users to have a different authentication experience as well as a different OTP policy (one more OTP to store).
- Is there a workaround you currently have for this problem?
No, there isn't one supported officially. We just integrate corporate user accounts through LDAP integration and custom Cerberus group mappings for authentication; however, we have to use the Cerberus OTP facility for public shares or 2FA account logins, which is confusing and troublesome for the helpdesk.
- Do you have a suggestion on how you would like to see the problem fixed?
Add a generic SAML and/or OIDC/OAuth SSO profile that can integrate with most if not all IdP vendors (cloud & on-prem, proprietary or open-source) with SCIM as well as a logoff service awareness URL facility to properly log out users centrally when Cerberus logouts occur. Full corporate SSO functionality will be supported if the above criteria are met.
- How big is the problem? Who is affected by this problem (End Users, Admins, etc.)?
The problem affects the entire group of companies we serve, since it breaks or cannot properly integrate with the current global SSO policy. All users have to log in/log out separately from Cerberus, utilizing a different OTP from all other corporate web applications.
-
Hello Zeppos,
Thanks so much for taking the time to submit this request. I do believe I have enough information here to get this on over to our product team. If we need any further details regarding this request, I'll be sure to reach out here, or through a support ticket.
-
Hello Zeppos,
I did want to let you know that this enhancement has been accepted. This is on the roadmap, estimated for the end of 2025. If you have any questions, please do let me know!