This is more of a tracking issue for a series of features around building out and maturing the authentication capabilities of ashirt. This is meant to ask and answer questions so that we can move toward creating the set of individual features that we'll end up actually building. This issue does not mean that all of the below features have the same priority or that we need to build all of them, but they are at least worth discussing and coming up with a plan for if and when they will be built.
Currently ashirt supports local auth and Okta, which meets our needs internally and likely the needs of some potential users. In general we're missing integration with some other common single sign-on options and new/upcoming MFA options that we are likely to see others desiring to use. This will split into two categories: authN and MFA options.
AuthN
Generic OIDC2 (can Okta share this?)
SAML
WebAuthn
MFA
U2F/FIDO2
Back end
It looks like Okta is at least 90% compatible with Google and Discord. Making Okta work with these two might be easy enough. At a glance, it looks like we need to change how the token exchange works slightly (it looks like Google and Discord expect the client id and secret to be provided as query parameters; Okta, at least previously, expected these as basic authentication), and we should expand the number of configurations we need -- specifically we need the authorization URL and token URL.
Front end
This is a bit tricky. I think we should be able to abstract this enough to work with generic OIDC providers, but we're likely to lose specific styling. So, if we wanted to use Google OIDC, we probably wouldn't have the Google G next to the button. One possibility, if we really want this, would be to have named service integrations that are just fancy wrappers around generic OIDC.
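The two client-authentication styles contrasted in the comment above, as an added example that is not ashirt's code or part of the original thread. `ProviderConfig`, `NewTokenRequest` and all hostnames and credentials are hypothetical; the parameter style is shown in the form-encoded POST body, which is where RFC 6749 section 2.3.1 places `client_id` and `client_secret`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// ProviderConfig is a hypothetical per-provider config (not ashirt's own type).
type ProviderConfig struct {
	AuthorizationURL, TokenURL string
	ClientID, ClientSecret     string
	BasicAuth                  bool // true: HTTP Basic; false: form parameters
}

// NewTokenRequest builds the authorization-code exchange for one provider.
func NewTokenRequest(p ProviderConfig, code, redirectURI string) (*http.Request, error) {
	// Secrets and codes travel in this request, so refuse non-TLS endpoints.
	if !strings.HasPrefix(p.TokenURL, "https://") {
		return nil, fmt.Errorf("token URL must be https: %q", p.TokenURL)
	}
	form := url.Values{
		"grant_type":   {"authorization_code"},
		"code":         {code},
		"redirect_uri": {redirectURI},
	}
	if !p.BasicAuth {
		// Credentials go in the POST body, not the URL, so they stay out of access logs.
		form.Set("client_id", p.ClientID)
		form.Set("client_secret", p.ClientSecret)
	}
	req, err := http.NewRequest(http.MethodPost, p.TokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if p.BasicAuth {
		// RFC 6749 section 2.3.1: form-encode id and secret before Basic encoding.
		req.SetBasicAuth(url.QueryEscape(p.ClientID), url.QueryEscape(p.ClientSecret))
	}
	return req, nil
}

func main() {
	p := ProviderConfig{TokenURL: "https://idp.example.test/token", ClientID: "ashirt", ClientSecret: "s3cr:et/+"} // constructed values
	req, _ := NewTokenRequest(p, "constructed-code", "https://ashirt.example.test/callback")
	fmt.Println(req.Method, req.URL, req.Header.Get("Authorization") != "")
}
```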
Generic OIDC2 implementation has been added (#358) and we've removed the original Okta-specific version (#452). There doesn't seem to be any reason to implement SAML for federated auth at this point since we've implemented generic OIDC2. I'm going to close this issue and open a specific one for adding WebAuthn.