SAML - Is there any easy way to implement it with Snipe-IT? #542
Comments
Not out of the box, but we can look into how much work it would be to integrate. |
SAML might be a better option than LDAP/AD integration. A lot of people are moving in this direction. More webby. |
Looks like OneLogin has a package, which could make this easier. https://github.com/onelogin/php-saml |
I’ve used their Ruby package and it’s excellent. My PHP is very rusty, otherwise I’d help out. |
@snipe what about http://packalyst.com/packages/package/aacotroneo/laravel-saml2? It appears to be based on php-saml, but is already a package. |
Yeah, we were looking at that one recently too. |
Hi there, we're also using Single Sign On - OKTA is the tool we are using. |
Would also like to bump this, as this would be great for us. We use Okta. We also use AD/LDAP, so using either isn't a huge problem for us. |
Hey guys, we're using OKTA too, and we're interested in having SAML active too. |
+1 for SAML - this is literally the only tool out there that does asset management right & would be killer with SAML integration |
Totally agree! +1 for SAML integration. |
Any updates on potential SAML integration? We are a school district that utilizes RapidIdentity (by Identity Automation), which is in the same vein as Okta and some of the other services mentioned in this thread. SAML would be a fantastic excellent addition. |
If there were updates, we'd publish them to this ticket. The API is currently higher priority than SAML integration, but it's still on the list. |
Completely understand. Thank you for the response. |
+1 for SAML. Also thank you for your amazing work |
+1 for SAML! So far this platform is awesome, great work. |
Whoa, snipe-it looks to be way better than any other inventory answer out there. Thanks for all the hard work! Another +1 for SAML support -- it would make implementation way easier and help justify to management as an alternative to traditional (read: expensive and closed) inventory applications. |
We are using the cloud hosted Snipe-IT solution. LDAP is not an option for us, so +1 for SAML |
Hi, excuse my ignorance. We have signed up for cloud hosted version of Snipe-IT - so far it's awesome. I'm trying to configure LDAP integration, all fields are filled out but having a connection issue. Do I need to have an instance of my Active Directory in the cloud (AWS, Azure) for this to work as my instance of Snipe-IT is cloud hosted? |
Hi @dhayc17 - you do need it to be accessible via your hosted IP, which usually means poking a hole in your firewall for the static IP. If you contact support via email, we can give you your hosted static IP |
Also very much interested in this. |
Our company is hoping to get forced SSO so that we can adopt your product. BTW, you're selling yourself short. We would pay 5-10 times what you're charging for a good hosted tool. Key is that we have to have forced SSO (no password login option except for admin account). |
+1 for SSO/SAML |
Another +1 for SAML |
+1 for SAML or OIDC |
+SAML |
Instead of everyone doing +1, place a bug bounty on it or open a PR with your contribution! |
@snipe I'm trying to contact you via Linkedin and see if we can agree on something to provide SAML support to snipe-it. |
bumping this for vis... if the pull request from @pitbulk up above is to unlock standard saml support for things like Okta we are VERY interested in this. Working to roll out snipe into prod, but right now we're having issues with LDAP over Okta breaking randomly from time to time for no known reason due to the LDAP work around, and this would help with that greatly. |
Heads up there was a PR approved for some saml support in the develop branch! Not sure if it will work with Okta yet, but it’s using onelogin’s php-saml package.
…Sent from my iPhone
On May 7, 2020, at 10:02 PM, J Eckert ***@***.***> wrote:
bumping this for vis... if the pull request from @pitbulk up above is to unlock standard saml support for things like Okta we are VERY interested in this. Working to roll out snipe into prod, but right now we're having issues with LDAP over Okta breaking randomly from time to time for no known reason due to the LDAP work around, and this would help with that greatly.
|
SAML to Azure AD would make this guy very happy. All of you working on this are real international heroes. |
SAML is a huge feature that would make my life a lot easier! Thanks to the people working on it. |
Yes I wanted to implement a standard SAML support (not the shibboleth trick / $USER I saw) this commit already has the approach I had in mind: |
+1 for SAML |
@webbexpert Have you moved to a different tool or are you also still waiting for this? |
@tholu We are still waiting for SSO SAML implementation. It will be a deal breaker for us if we cannot have this, for hosted services at least. |
+1 SAML |
+1 for SAML |
@adagioajanes Did you even bother to read this thread before making a useless and unhelpful comment? SAML support has already been merged and will be in the next major release of Snipe-IT. |
I saw this issue was still open. Therefore I assumed it was not implemented, as I can't find documentation for it. No need to be rude about it.
It's also not included here: https://snipeitapp.com/blog/snipe-it-v5.0-progress-oct
|
@snipe As v5 was released (again thanks for that) the SAML support is now available in code. But there is some documentation missing. I set up SAML with my installation and could help out with the docu. But I'm not sure where I can contribute the text and images. Is this possible via readme.io? |
So maybe I will start documenting here :D General steps to do:

IdP SAML Configuration Values
There are many pages out there on how to configure the following values for your IdP.
Azure will automatically configure a certificate for you to sign the SAML responses when you click on the "add certificate" link.

Snipe-IT SAML Settings

Attribute Mapping - Username
It is possible to override the default setting, to use the value from the "NameID" response element to match against the username of existing users. If your IdP uses another element in the SAML response, set the value here. Relevant example from SAML response
If you have existing users configured in Snipe-IT, make sure that their usernames match the value of the NameID element!

SAML Force Login
When this checkbox is enabled, you will not see a login form of Snipe-IT anymore when you go to the Snipe-IT website. Instead it will redirect you directly to the IdP SAML Login.

SAML Single Log Out
When this checkbox is enabled, then Snipe-IT will send a logout request to your IdP when you click on the Logout Button in Snipe-IT.

SAML Custom Settings
Here you can add custom settings to adjust the configuration of the underlying library which provides the SAML functionality. Config values are (maybe some are missing) (Source)
When you run Snipe-IT behind a reverse proxy the following property might be necessary: baseurl=https://assets.example.com/saml

Debug SAML Response
When you need to check the SAML response which is received by Snipe-IT, a simple workaround might be to use the developer tools of your browser. Hint: Works in Google Chrome, and maybe others work the same way |
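Added example, not part of the comment above and not Snipe-IT's own code: a small Python helper that decodes a `SAMLResponse` form value copied from the browser developer tools and shows which value would be compared with existing Snipe-IT usernames. The function name, the `username_attribute` parameter and the sample response are assumptions made for illustration; the helper only inspects the XML and does not verify the IdP signature.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not from a real IdP), as the browser would POST it.
SAMPLE_XML = b"""<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="uid">
        <saml:AttributeValue>jdoe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()


def inspect_saml_response(form_value, existing_usernames, username_attribute=None):
    """Decode a SAMLResponse form value and report which value would be
    compared with Snipe-IT usernames. Inspection only: no signature check."""
    xml_bytes = base64.b64decode(unquote(form_value))
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations do not belong in a SAML response")
    assertion = ET.fromstring(xml_bytes).find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (encrypted, or the login failed)")
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attributes = {
        attr.get("Name"): [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)
    }
    # Assumption: a configured mapping is looked up by Attribute Name;
    # with no mapping the NameID is used, as the comment above describes.
    if username_attribute:
        candidate = (attributes.get(username_attribute) or [None])[0]
    else:
        candidate = name_id
    return {"name_id": name_id, "attributes": attributes,
            "username": candidate, "matches_existing": candidate in existing_usernames}


if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64, {"jdoe"}))         # NameID: no match
    print(inspect_saml_response(SAMPLE_B64, {"jdoe"}, "uid"))  # attribute: match
```

A `matches_existing` of `False` with the default mapping is the situation the comment warns about: the NameID sent by the IdP does not equal any existing username, so either the usernames or the attribute mapping has to change.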
This is looking interesting... |
thanks man! I really appreciate,
and finally I changed username = email, The following is the SQL syntax for changing the username to the same as email:
update users set username=email
|
We have this documented here now: https://snipe-it.readme.io/docs/saml
|
We have just purchased OneLogin service and would love to use it with SnipeIT.
Thanks!