Observium supports CAS authentication which is conceptually very similar to SAML. One caveat is it only does authentication and leaves authorization up to the Observium mysql backend. If you only want authentication for SAML then it should be fairly trivial to do starting with the CAS code.
________________________________ From: observium observium-bounces@observium.org on behalf of adama@memetic.org adama@memetic.org Sent: Monday, May 7, 2018 9:11:00 AM To: 'Observium' Subject: Re: [Observium] Corporate authentication process - questions
Hi Jan,
I’m fairly certain you shouldn’t have posted this document to a public mailing list ??
Thanks,
Adam.
From: observium observium-bounces@observium.org On Behalf Of Jan Horacek Sent: 07 May 2018 14:29 To: Observium observium@observium.org Subject: Re: [Observium] Corporate authentication process - questions
Hi Adam,
here is document I received to this project.
Thanks
Jan
2018-05-03 2:27 GMT+02:00 Adam Armstrong <adama@observium.orgmailto:adama@observium.org>:
If you can somehow procure for me an example SAML backend to authenticate against, I can see if it is doable to make it work using the onelogin php library.
It doesn't seem /too/ difficult, but...
adam.
On 2018-05-03 01:14, Jan Horacek wrote:
My biggest issue is LDAP or Radius are deprecated in Enterprise security policy. We are using MFA and supports SAML or oAuth v2.0 only. I`m also trying to bypass MFA mechanism via application proxy or hiding server beyond different jumphost, but I`m also curious if I could have any chance to authenticate over SAML or oAUTH if every other options fail.
PHP authentication with SimpleSAMLPHP server could be the answer and to be honest as far I`m not developer, I`m fighting little bit with the SimpleSAMLPHP server. So yes I`m trying as well to use apache modules.
Jan
2018-05-03 2:08 GMT+02:00 <adama@memetic.orgmailto:adama@memetic.org>:
Does the system you use have a the ability to expose another interface, like ldap or radius something?
Failing that, are there apache modules that will do http auth against your platform?
Adam.
FROM: observium <observium-bounces@observium.orgmailto:observium-bounces@observium.org> ON BEHALF OF Jan Horacek SENT: 03 May 2018 01:02 TO: Observium <observium@observium.orgmailto:observium@observium.org> SUBJECT: Re: [Observium] Corporate authentication process - questions
Thanks Adam, for reply, hopefully someone from folks give me good advice.
Jan
2018-05-03 1:14 GMT+02:00 <adama@memetic.orgmailto:adama@memetic.org>:
I’m not really familiar with either of these, so I can’t say what would be needed to support them.
Enterprise auth isn’t really my area, but generally you’d need a way to communicate a username and password to the authentication platform from PHP, and a way of understanding what it responded with. This needs PHP libraries for the relevant auth mechanism.
Our authentication is fairly simple, we mostly just want a yes or no and perhaps a user level or user group.
Adam.
FROM: observium <observium-bounces@observium.orgmailto:observium-bounces@observium.org> ON BEHALF OF Jan Horacek SENT: 02 May 2018 18:17 TO: Observium <observium@observium.orgmailto:observium@observium.org> SUBJECT: [Observium] Corporate authentication process - questions
Hello gents,
I need your advice if anybody of you were integrating Observium to corporate authentication processes?
In our company is authentication driven by SAML or oAuth which I don`t see as supported in Observium documentation and need to get help if possible how to integrate Observium to SAML or to oAUTH process.
Question is also going to Adam and developers as we are using professional license.
I`ll appreciate any hints or guides.
Thanks
Jan
_______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observiumhttps://urldefense.proofpoint.com/v2/url?u=http-3A__postman.memetic.org_cgi-2Dbin_mailman_listinfo_observium&d=DwMFaQ&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=P-yZfeg7yBN4EAfJJQkJUfO8noq2maVwNapnxqgunuw&m=YJJLVmufp8eUdi1OkZQVCsdNETnKAEazTqQ32BE5wsw&s=EesaIr3oV-_ARkphSa1kBfZMH-cyEalz_hn9l08MewQ&e= [1]
_______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observiumhttps://urldefense.proofpoint.com/v2/url?u=http-3A__postman.memetic.org_cgi-2Dbin_mailman_listinfo_observium&d=DwMFaQ&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=P-yZfeg7yBN4EAfJJQkJUfO8noq2maVwNapnxqgunuw&m=YJJLVmufp8eUdi1OkZQVCsdNETnKAEazTqQ32BE5wsw&s=EesaIr3oV-_ARkphSa1kBfZMH-cyEalz_hn9l08MewQ&e= [1]
Links: ------ [1] http://postman.memetic.org/cgi-bin/mailman/listinfo/observiumhttps://urldefense.proofpoint.com/v2/url?u=http-3A__postman.memetic.org_cgi-2Dbin_mailman_listinfo_observium&d=DwMFaQ&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=P-yZfeg7yBN4EAfJJQkJUfO8noq2maVwNapnxqgunuw&m=YJJLVmufp8eUdi1OkZQVCsdNETnKAEazTqQ32BE5wsw&s=EesaIr3oV-_ARkphSa1kBfZMH-cyEalz_hn9l08MewQ&e= _______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observiumhttps://urldefense.proofpoint.com/v2/url?u=http-3A__postman.memetic.org_cgi-2Dbin_mailman_listinfo_observium&d=DwMFaQ&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=P-yZfeg7yBN4EAfJJQkJUfO8noq2maVwNapnxqgunuw&m=YJJLVmufp8eUdi1OkZQVCsdNETnKAEazTqQ32BE5wsw&s=EesaIr3oV-_ARkphSa1kBfZMH-cyEalz_hn9l08MewQ&e=
_______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observiumhttps://urldefense.proofpoint.com/v2/url?u=http-3A__postman.memetic.org_cgi-2Dbin_mailman_listinfo_observium&d=DwMFaQ&c=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ&r=P-yZfeg7yBN4EAfJJQkJUfO8noq2maVwNapnxqgunuw&m=YJJLVmufp8eUdi1OkZQVCsdNETnKAEazTqQ32BE5wsw&s=EesaIr3oV-_ARkphSa1kBfZMH-cyEalz_hn9l08MewQ&e=