Allow SSO / SAML as alternative to using /auth/login
I would like to be able to..
Integrate Plan with my own server website through SAML SSO
Is your feature request related to a problem? Please describe.
This would not only be a more convenient way of logging in, but would also make the process safer if 2FA is used on the SSO provider. Definitely seconding this!
Your idea works too! But what I meant was more of Plan being an SSO provider as well. I intend to make a portal website, and use the Plan account as the login account. There is a way now, which is to use the /auth/login API endpoint. But SSO would be better :)
If anyone knows ready-made SSO libraries for Jetty, that would make this a lot easier.
I couldn't find any Jetty SAML/SSO libraries that are not deprecated. I did manage to find a popular Java library, SAML-Toolkits/java-saml; it seems to include everything that would be necessary and a lot more.
Personally I would like to connect to my Plan instance with Keycloak, not use Plan as an IdP.
I have implemented some basic OIDC support here for our network if you want to use it or take some inspiration. I tested it with our internal Authentik instance, which works perfectly fine. Other than that I didn't perform load tests or other specific cases (which is why I probably won't create a pull request). Also PKCE support is missing and there are some minor issues that might need to be fixed, especially during registration if the user doesn't exist yet and registration is disabled. But other than that it should be fine.
And also: The OAuth button just sits in the frontend permanently even if it is disabled. Sooo, yeah
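For readers picking up the OIDC work mentioned above, this is what the missing PKCE step (RFC 7636, S256 method) involves. It is an added example, not code from the commenter's implementation or from Plan; the class and method names are hypothetical, and `verifierMatches` shows the check the identity provider performs at its token endpoint.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

/** Added example: PKCE S256 helper. Names are hypothetical, not Plan's code. */
public class PkceExample {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    /** Client, before the redirect: 32 random bytes give a 43-character code_verifier, kept in the login session. */
    static String newCodeVerifier() {
        byte[] bytes = new byte[32];
        RANDOM.nextBytes(bytes);
        return B64URL.encodeToString(bytes);
    }

    /** code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))), sent with code_challenge_method=S256. */
    static String codeChallenge(String verifier) {
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            return B64URL.encodeToString(sha256.digest(verifier.getBytes(StandardCharsets.US_ASCII)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required on every Java platform", e);
        }
    }

    /** Provider side, token request: recompute the challenge and compare in constant time. */
    static boolean verifierMatches(String storedChallenge, String presentedVerifier) {
        if (presentedVerifier == null || !presentedVerifier.matches("[A-Za-z0-9._~-]{43,128}")) {
            return false; // RFC 7636 section 4.1: 43-128 unreserved characters
        }
        return MessageDigest.isEqual(
                storedChallenge.getBytes(StandardCharsets.US_ASCII),
                codeChallenge(presentedVerifier).getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        // Test vector from RFC 7636, Appendix B
        String rfcVerifier = "dBjftJeZ4VVK2JW1ZbyFvLfsOQ2pBhL7xPPFMqXkTjk";
        String rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        if (!codeChallenge(rfcVerifier).equals(rfcChallenge)) throw new AssertionError("S256 mismatch");

        String verifier = newCodeVerifier();      // stays in the server-side login session
        String challenge = codeChallenge(verifier); // travels in the authorization request
        System.out.println("code_challenge=" + challenge + "&code_challenge_method=S256");
        System.out.println("matching verifier accepted: " + verifierMatches(challenge, verifier));
        System.out.println("different verifier accepted: " + verifierMatches(challenge, newCodeVerifier()));
    }
}
```

The verifier must be bound to the same session as the OIDC `state` value and discarded after one token request.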