Question about authentication

Hello

I work at Facens, a college in Brazil, and we need to use Fab Manager in our Fab Lab. For this we need to authenticate students against another database, but people who are not students need to use the system too. My question is: with OAuth2 authentication, can I register other people who aren’t students as customers?

Thanks

Hi @alexcvcoelho,

If you enable OAuth2 authentication, this will be exclusive. So only people registered on your OAuth2 server will be able to connect to fab-manager.

Anyway, the OAuth2 server is yours, so you can configure the users and the policies you want on this server … It mainly depends on the OAuth2 system you use and its possibilities.

I hope this answers your question …

Thank you very much @Sylvain that was my question.

Hello @Sylvain,

I have a question regarding the authentication too.
Is it possible to integrate ADFS (windows credentials) as an authentication system of fabmanager?
We need to allow the access only to people with our university email and a second authentication system for external users.
Is there already an example of such an integration?

thank you for letting me know.
bests
serena

Hi Serena,

I don’t really know ADFS, but I think it must be compatible with an LDAP authentication? If it is the case, we have planned to integrate this authentication method in Fab-manager, for our 2021 roadmap. In the meantime, unless your authentication provider supports OAuth2, I’m afraid there’s no way to connect FM to it.

Best regards,
Sylvain

Good morning @Sylvain

Sorry for disturbing, I know that I can check the updates version, but I wanted to ask if you integrated the LDAP authentication in the fabmanager.

thank you
Serena

Hi Serena,

We still haven’t done that yet but we’re about to add OpenID Connect authentication in the next release, if it may help…

Best regards,
Sylvain

ok thanks for the feedback!!! I will check if OpenID Connect is compatible with our system.

bests

Hello @Sylvain

hope you are fine. We have just updated our fabmanager to the new version. It is great.

I still have a few questions for you:

  1. Is the login via LDAP to Active Directory, ADFS, or Azure still in development?
  2. How can I export and import the data from the fabmanager database into a new fabmanager? the new version is installed on a new virtual machine and I should transfer all contents. I can export and import the users with the export function but I still do not see how to copy the machines, the trainings and the project descriptions.

thank you for your kind feedback

serena

@Sylvain if you have implemented Open ID connect, do you have any documentation or reference to understand how to implement it in our fabmanager?

Hi @serenalugano ,

The OpenID Connect is currently in development, it should be released with Fab-manager v5.4 (in a few weeks). Concerning LDAP or Active Directory, for now I’m afraid we have no plans to support it. Concerning Azure, you can use the current OAuth2 connector.

There’s no user-friendly way to import/export machines or other specific resources. But, you can migrate the whole databases and assets between two different machines using rsync (please be aware that the two machines must be running the same FM version):

ssh root@new.server.com
rsync -artz --info=progress2 --exclude 'docker-compose.yml' root@old.server.com:/apps/fabmanager/* /apps/fabmanager

Thank you @Sylvain
You are great.

We are trying to configure Azure.

Do you have info on how to fill these fields? indicazione su come compilare questi campi per interfacciare con Azure AD? Some of them are clear, others are a bit opaque.
Do you have a guide on this?

Hi @serenalugano, I’m afraid I didn’t understand your whole previous message, as I’m not very good at Italian :sweat_smile:

Nevertheless, here are some hints to configure Azure AD with Fab-manager:

  • Your server root URL, authorization endpoint and token acquisition endpoint are correctly configured.
  • Profile edition URL should point to https://myaccount.microsoft.com
  • Scopes should be configured according to the permissions you configured in Azure (e.g. email):

Hi @Sylvain sorry but I copied and pasted the message from my developer and I forgot to delete it. I will forward the message to him. Thanks a lot! .-)
