If you want to use Keycloak as IdP for your SAML login you might wish to limit access to certain Service Providers (SPs) according to your LDAP group memberships. The way to do this is not very intuitive, so I’ll try to show an easy way to do this. What we’ll be doing: Step 1: […]
Category: SSO
This short post is about how to run the open-webui docker container with an apache based reversed proxy (handling the SSL termination and authentication with mod-auth-mellon). In the following example the open-webui docker container is listening on localhost only, port 8009 (s. variable definition at the beginning of the apache2 config): In order to use […]
Today I changed some things regarding authentication in my local setup and (once again) was curious about enabling more services to user kerberos logins. And – as always – I ended up in an extensive debug session in order to make (some) things work. To spare some of you some of your precious time I’ll […]
I’ve been running SAML based SSO using Simplesamlphp for some time now. While its PHP based approach is very flexible (and configuration is easy compared to Java-based Shibboleth) there are still quite some things you need to know to get started. Keycloak is an alternative that’s not as flexible to use (as far as I’ve […]