SAML implementation for the self service UI

Hello!

Wondering if SAML implementation for the self service user interface is planned for future releases? I have seen that a Pivotal Tracker story already exists:
https://www.pivotaltracker.com/n/projects/1914499/stories/147222217

If not, I am considering digging into this story myself, starting with this one: "Add Support for Api Authentication via SSO", which is a blocker of the first.

Any advice on the best way to achieve this would be greatly appreciated!

Thanks
Romain

Hello again!

Any news about this topic?

Thanks,
Romain

Hi Romain,

Did you get an answer to your question?
I am looking for the same.
SAML is kind of mandatory when exposing IaaS services in a B2B model, and without a self-service UI supporting SAML, the entire MiQ concept loses its point!

Alireza

Hi Alireza,

Yes, I have found a solution to implement SSO authentication in the self-service UI and I was actually about to share my work here in the coming days.
For our needs, it was finally more convenient to implement OIDC than SAML but the logic is the same and the code could be easily improved to support SAML.
So I will explain everything in a future post within a few days, including a quick way to test my solution using Keycloak in a docker environment.

In the meantime, to get an idea, you can explore the following forks I made to get it to work:

More precisely, you can have a look at these 2 commits:

PS: I made my changes only in the hammer branch.

Don’t hesitate if you have any questions :wink:
Romain

Thank you Romain,
I’ll go through and revert to you in the coming days
:wink:
thanks again
Alireza

Dear Alireza,

My apologies for taking so long to update this post!

Here is a Docker POC on GitHub that demonstrates how to use External Authentication with OIDC on the self-service UI, using my forks of the ManageIQ API and the UI service:

The Readme file explains everything, but tell me if you need more explanations.

Happy new year!
Romain

OIDC authentication is now officially available for both API & UI: