SSO authentication with OpenID Connect, SAML

Forums / NoMachine Terminal Server Products / SSO authentication with OpenID Connect, SAML

Tagged: , , ,

  • This topic has 1 reply, 2 voices, and was last updated 3 years ago by AvatarCato.
Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #18716
    Avatarvnaipaul
    Participant

    Hi,

    We’re exploring SSO integration options for NoMachine (Terminal Server family, though posting here assuming its a broader Apache topic).

    The goal is to accommodate customers’ identity providers.

    I’m guessing that the most natural way to do this would be going through an apache module for OpenID Connect or SAML (e.g. https://github.com/zmartzone/mod_auth_openidc, https://github.com/UNINETT/mod_auth_mellon), versus say going through the PAM stack (which we’re otherwise doing successfully).

    Just wondering if anyone else has pursued this with NoMachine, any lessons learned ?

    I’m also interested to know if we could use NoMachine profiles to vary the identity provider(s) based on the NoMachine user or user-group–assuming the profile rules are exercised before external (outside of NoMachine) authentication.

    I’m new to OpenID Connect & SAML btw.

    Thanks,

    Val

    NoMachine 6.2.4, RHEL 6.x, Xfce 4.8 + openbox

     

    #18920
    AvatarCato
    Contributor

    Hello vnaipaul,

    Although it’s possible to access NoMachine via web player, NoMachine itself is not a web application. NoMachine is meant to allow access to operating system, not just to HTTP server, so it uses authentication methods integrated with OS by default. This means that the most logical way of using NoMachine with various identity providers is by configuring system to use them. It may include installation of specific PAM modules. This also means that potential selection of identity providers should be done by OS.

Viewing 2 posts - 1 through 2 (of 2 total)

This topic was marked as solved, you can't post.