You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
It would be a killer feature to have real single-sign-on abilities in synapse. When deployed in an "enterprise" environment where computers are enrolled in a Kerberos realm.
I think the standards to look into is SPNEGO (since it's often used for any "kerberized" HTTP-service). Take a look at mod_auth_krb or mod_auth_gssapi for Apache for ideas.
I have coded a few things like this before (at least GSSAPI on client/server), and this way of authenticating to an on-prem installation would really be user friendly but as secure as one would like.
This way any user able to login to his/her computer on the local network, would automatically be able to sign-in to their respective matrix accounts.
It would be a killer feature to have real single-sign-on abilities in synapse. When deployed in an "enterprise" environment where computers are enrolled in a Kerberos realm.
I think the standards to look into is SPNEGO (since it's often used for any "kerberized" HTTP-service). Take a look at mod_auth_krb or mod_auth_gssapi for Apache for ideas.
I have coded a few things like this before (at least GSSAPI on client/server), and this way of authenticating to an on-prem installation would really be user friendly but as secure as one would like.
This way any user able to login to his/her computer on the local network, would automatically be able to sign-in to their respective matrix accounts.