Comments (6)
Initial discussion in the room here at NDC with @RichardCampbell and the team is to bring this forward now.
At a high level we are proposing implementing Identity Server 4 as our HTbox auth solution which can support single sign-on across HTbox products. This would become the central auth solution.
This will likely spin out into sub issues but bumping this to kick start the discussion.
cc/ @tonysurma
from allready.
I'm going to advocate for IdentityServer (http://identityserver.io/) for a few reasons:
- Supports federating with a variety of identity sources (including active directory) so that we don't have to store credentials at all
- Has no dependency on Azure, you can run on prem, in a VM or as an Azure Web App
- Library is part of the .NET Foundation, so well defined, protected open source library
- Dom and Brock (the principle developers) are supporters of HTBox and happy to help with implementation
- Provides a mechanism for doing single sign on across multiple HTBox applications with federated identity
from allready.
I think the comment you made @RichardCampbell is also worth highlighting, whatever the solution agree on we don't want to introduce a barrier (or at least a significant one) for a new developer to get started with the solution. If they have to provision some azure services before they can start contributing then that will be a a hurdle that is probably not desirable.
from allready.
Initial work started to implement an identity server for Htbox. Once ready we will use this issue to track work to move the auth over to calls via the new identity server.
from allready.
Are you also considering to include multi-tenant support and cross domain SSO?
from allready.
@Sarvesh-Gupta It's been discussed and nothing is ruled out. The exact deployment cases for allReady I'm sure will evolve with need. The main site currently can be used by multiple orgs in a shared approach. So multiple orgs can exist on the same instance and from the public facing side, campaigns for all orgs are shown.
@RichardCampbell did discuss the possibility of Htbox hosting "instances" of allReady for individual charities in cases where those may want to be dedicated and possibly even branded separately. In that use case we could be looking at either a true multi-tenant approach, single hosted app, serving under different domains or it might be a case of a deployed instance per org. In a multi-tenant approach it would be a discussion around whether that includes a shared DB or db per org.
With identity server there is the possibility of having SSO across future Htbox apps in a hosted scenario. But also the possibility of individual orgs being configured to pass through to their own corporate identity services such as Azure AD.
I don't think anything is set in stone at this stage. This initial identity server story is around standing up a htbox hosted and branded server. We would then move the authentication out of allReady. That gives us scope to configure the application in various scenarios as the needs arise.
from allready.
Related Issues (20)
- Virtual - registration phone number Check not given for 5 digit number
- Virtual- Home/Assign page Location Needs Data Validation HOT 1
- Virtual-Remove Button on Volunteer Page
- Virtual-Volunteer Home-Description Text
- Virtual-Change Contact Info
- Virtual-My Organization page - Location Field
- Virtual-Register A New organization
- Virtual - Server Error in '/' Application - A person cannot belong to more than one organization. - happens when Register New Organization with 'test' in Organization Name and all the other fields empty HOT 1
- Virtual - Server Error in '/' Application - Logged-in person not found or is an administrator - happens when Register New Organization with ยด in Organization Name and all the other fields empty HOT 1
- Virtual - CheckinResource - Many chars in Quantity gives an error messages that stretches the webpage a long way to the right HOT 1
- Build Issues with 37833fcf2ea4d1f54d0e846c78ff79b307509809 HOT 1
- NETSDK1059 warning HOT 1
- AllReady.ScenarioTest Issues HOT 13
- Gulp 3.9.1 Issues with Node 10 HOT 4
- Campaign Start/End Date does not appear correctly on Admin/Event/Create page HOT 2
- Error when signing up to the mail list HOT 3
- Is This Repository still maintained?? HOT 7
- Visual studio problems to run C/C++
- Is this repo maintain so far? HOT 1
- Idempotency Issue with SMS sending function: Add duplicate message detection
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from allready.