Hey,
I'm using iTop 3.2.1 and have all users configured as UserLDAP synched with the corresponding DataCollector.
Now I'm in the process of introducing SAML/SSO.
I got a configuration running on my test system where I'm able to connect iTop SAML to my IDP (authentik for testing).
Now I run into the following issue:
* A user authenticating with SAML will have to have a corresponding UserExternal to log in.
* Currently all users are created as UserLDAP.
* Even with the same username, the UserLDAP is not chosen when logging in with SAML.
I know that the DataCollector for LDAP supports the setting users_target_class to change that class.
Now my question is:
What is the smoothest way to change from LDAP to SAML?
Just change the setting in the LDAP DataCollector? Will it remove the UserLDAP and create the UserExternal?
Should I remove all UserLDAP (losing all settings) by hand?
Has anyone already done this type of transition and has some input?
Is there some other hack I could use, like routing the UserExternal to UserLDAP or performing some changes in the DB itself?