Question about authentication

alexcvcoelho 2017-06-05 14:29:40 UTC #1

Hello

I work in Facens, one college in Brazil, and we need use Fab Manager in us Fab Lab, but for this use is necessary authenticate a student in another database, but people that not be students need use the system too. My question is, with OAuth2 authentication I can register others peoples that isn't students with customers?

Thanks

Sylvain 2017-06-07 16:06:21 UTC #2

Hi @alexcvcoelho,

If you enable OAuth2 authentication; this will be exclusive. So only people registered on your OAuth2 server will be able to connect to fab-manager.

Anyway, the OAuth2 server is yours, so you can configure the users and the policies you want on this server ... It mainly depends on the OAuth2 system you uses and its possibilities.

I hope this answers your question ...

alexcvcoelho 2017-06-08 11:12:45 UTC #3

Thank you very much @Sylvain that was my question.

serenalugano 2020-12-10 15:11:21 UTC #4

Bonjour @Sylvain,

I have a question regarding the authentication too.
Is it possible to integrate ADFS (windows credentials) as an authentication system of fabmanager?
We need to allow the access only to people with our university email and a second authentication system for external users.
Is there already an example of such an integration?

thank you for letting me know.
bests
serena

Sylvain 2020-12-14 08:24:07 UTC #5

Hi Serana,

I don't really know ADFS, but I think it must be compatible with an LDAP authentication? If it is the case, we have planned to integrate this authentication method in Fab-manager, for our 2021 roadmap. In the meantime, unless your authentification provider supports oauth2, I'm affraid there no way to connect FM to it.

Best regards,
Sylvain

serenalugano 2021-11-02 09:55:22 UTC #6

Good morning @Sylvain

Sorry for disturbing, I know that I can check the updates version, but I wanted to ask if you integrated the LDAP authentication in the fabmanager.

thank you
Serena

Sylvain 2021-11-02 10:54:42 UTC #7

Hi Serena,

We still havn't done that yet but we're about to add OpenID Connect authentication in the next release, if it may help...

Best regards,
Sylvain

serenalugano 2021-11-02 11:06:26 UTC #8

ok thanks for the feedback!!! I will check if OpenID Connect is compatible with our system.

bests

serenalugano 2022-04-05 15:35:14 UTC #9

Hello @Sylvain

hope you are fine. We have just updated our fabmanager to the new version. It is great.

I still have few questions for you:
1. the login via LDAP verso active directory , ADFS, or Azure is still in development?
2. How can I export and import the data from the fabmanager database into a new fabmanager? the new version is installed on a new virtual machine and I should transfer all contents. I can export and import the users with the export function but I still do not see how to copy the machines, the trainings and the project descriptions.

thank you for your kind feedback

serena

serenalugano 2022-04-05 15:39:36 UTC #10

@Sylvain if you have implemented Open ID connect, do you have any documentation or reference to understand how to implement it in our fabmanager?

Sylvain 2022-04-06 08:56:43 UTC #11

Hi @serenalugano ,

The OpenId Connect is currently in development, it should be release with Fab-manager v5.4 (in a few weeks). Concerning LDAP or Active Directory, for now I'm afraid we have no plans to support it. Concerning Azur, you can use the current oAuth2 connector.

There's no user-friendly way to import/export machines or other specific resources. But, you can migrate the whole databases and assets between two different machines using rsync (please be aware that the two machines must be running the same FM version):

ssh root@new.server.com
rsync -artz --info=progress2 --exclude 'docker-compose.yml' root@old.server.com:/apps/fabmanager/* /apps/fabmanager

serenalugano 2022-04-11 13:15:25 UTC #12

Thank you @Sylvain
You are great.

We are trying to configure Azure.

Do you have info on how to fill these fields? indicazione su come compilare questi campi per interfacciare con Azure AD? Some of them are clear, others are a bit opaque.
Do you have a guide on this?

Sylvain 2022-04-13 08:05:35 UTC #13

Hi @serenalugano, I'm afraid I don't have understood your whole previous message as I'm not very good in Italian

Nevertheless, here's some hints to configure Azur AD with Fab-manager :
- Your server root URL, authorization endpoint and token acquisition endpoint are correctly configured.
- Profile edition URL should point to https://myaccount.microsoft.com
- Scopes should be configured accordingly with the permissions you configured in Azur, (eg. email):

serenalugano 2022-04-13 08:15:25 UTC #14

Hi @Sylvain sorry but I copied and pasted the message from my developer and I forgot to delete it. I will forward the message to him. Thanks a lot! .-)

Propulsé par Discourse, le rendu est meilleur avec le JavaScript activé