Single sign-on.

[ItsAGeekThing]

We should look into implementing SSO support in OpenCAD so that communities can have users login into OpenCAD against their own authentication service.

Two options that come to mind are either...

1. We could implement OpenID support but this would require significant rework of the current login system.

2. Implement "HTTP Header Authentication", which would allow OpenCAD to sit behind a reverse proxy (think Autheilia or Cloudflare Access). OpenCAD's login flow would be bypassed and authenticate a user based on a header set by the reverse proxy.

I personally am in favor of the 2nd option as I would prefer to have another application handle authentication instead of OpenCAD itself.

[Cambridgeport90]

I absolutely agree that the second option is more than likely the better one. Though adding onto this, we should look at two-factor auth as well. From: Justin ***@***.***> Sent: Tuesday, June 14, 2022 11:37 PM To: opencad-app/OpenCAD-php ***@***.***> Cc: Subscribed ***@***.***> Subject: [opencad-app/OpenCAD-php] Single sign-on. (Issue #423) We should look into implementing SSO support in OpenCAD so that communities can have users login into OpenCAD against their own authentication service. Two options that come to mind are either... 1. We could implement OpenID support but this would require significant rework of the current login system. 2. Implement "HTTP Header Authentication", which would allow OpenCAD to sit behind a reverse proxy (think Autheilia<https://www.authelia.com/> or Cloudflare Access<https://developers.cloudflare.com/cloudflare-one/identity/users/validating-json/>). OpenCAD's login flow would be bypassed and authenticate a user based on a header set by the reverse proxy. I personally am in favor of the 2nd option as I would prefer to have another application handle authentication instead of OpenCAD itself. — Reply to this email directly, view it on GitHub<#423>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ADS4MAF27TYNELVBZ5ZCT3DVPFFV5ANCNFSM5YZYV3HA>. You are receiving this because you are subscribed to this thread.Message ID: ***@***.******@***.***>>

[phillf]

@Cambridgeport90, do you mean native 2-factor or MFA as component of something like Duo?

[Cambridgeport90]

As a component of something like Duo. From: Phill Fernandes ***@***.***> Sent: Wednesday, June 15, 2022 8:30 AM To: opencad-app/OpenCAD-php ***@***.***> Cc: Katherine M. Moss ***@***.***>; Mention ***@***.***> Subject: Re: [opencad-app/OpenCAD-php] Single sign-on. (Issue #423) @Cambridgeport90<https://github.com/Cambridgeport90>, do you mean native 2-factor or MFA as component of something like Duo? — Reply to this email directly, view it on GitHub<#423 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ADS4MAAH7PZRZE7ZJKNVFCLVPHEFBANCNFSM5YZYV3HA>. You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>

[phillf]

Okay. Good to know because while possible native 2FA for OpenCAD is possible but a separate conversation.

As a component of something like Duo. From: Phill Fernandes @.> Sent: Wednesday, June 15, 2022 8:30 AM To: opencad-app/OpenCAD-php @.> Cc: Katherine M. Moss @.>; Mention @.> Subject: Re: [opencad-app/OpenCAD-php] Single sign-on. (Issue #423) @Cambridgeport90https://github.com/Cambridgeport90, do you mean native 2-factor or MFA as component of something like Duo? — Reply to this email directly, view it on GitHub<#423 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADS4MAAH7PZRZE7ZJKNVFCLVPHEFBANCNFSM5YZYV3HA. You are receiving this because you were mentioned.Message ID: @.@.>>