From: Sander A. <sa....@fz...> - 2023-08-22 06:24:25
Hi Krzysztof,

thanks for the feedback. We are not sure if we want to use the userhome Endpoint or not. Would this also work during the registration/first time login into unity?

Best regards,
Sander

On Mon, 2023-08-21 at 12:32 +0200, Krzysztof Benedyczak wrote:
> Hi Sander,
>
> On 18.08.2023 at 12:42, Sander Apweiler wrote:
> > Hi Krzysztof, hi Roman,
> > within another project we have a quite difficult use-case for
> > integrating LDAP for authentication in unity. The LDAP has one tree
> > containing the usernames, passwords and an identifier (not equal to
> > the username). Within another tree we have this identifier, email
> > and name of the user.
> >
> > As far as I understood the manual, unity would be able to perform
> > the ldapsearch for the attributes on another tree than the bind call
> > for authentication, but it would require the username in both trees.
> > So this would not fit here.
> >
> > We had two ideas what could work but would need your knowledge to
> > clarify this. The first idea was the mechanism to call an attribute
> > authority after user authentication, like we had in the lifescience
> > use-case in past. Could we use this feature to perform the second
> > LDAP call after authentication to fetch the user information from
> > the second tree using the identifier?
> >
> > The second idea was fetching the user information from a
> > proprietary API, which already exists. For this we would need to
> > trigger a script, which fetches the information and stores them into
> > unity. Would there be a trigger for a groovy script in the
> > authentication/registration process where we could integrate the
> > script?
>
> The first of your ideas should work. Note that this will work only
> when in Unity authentication is performed on one of IdP endpoints
> (SAML or OAuth). But if that is fine (and so you don't need to enrich
> information about existing user logging into unity directly, like to
> homeUI), then usage of LDAP importer should be just perfect.
>
> Best,
> Krzysztof

--
Large-Scale Data Science
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Amtsgericht Dueren, No. HR B 3498
Chairman of the Supervisory Board: MinDir Stefan Müller
Board of Directors: Prof. Dr. Astrid Lambrecht (Chair), Karsten Beneke (Deputy Chair), Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------