We will be working on SAML in the next two releases. We don't have experience with the technology, so it would be good if we could collaborate with a couple of customers that:
have built a SAML server (so we understand more deeply how the technology works)
have configured an application to work with SAML (so we know how UX, settings, etc. would work)
Both is ideal, one of them is really good too.
Our plan is to expand authentication (not authorisation) to SAML, but we would still require local accounts in eramba to be created. This will take a month or two, but hopefully we can start to collect the information we need to plan how to build it.
We have almost confirmed funding from one of our customers to implement SAML 2.0. We would appreciate it if those of you that have applications using SAML 2.0 could send us screenshots that show what configuration parameters they use, so we make sure we build something that will work more or less the same way as your other SAML-compatible apps.
Similar to how you’re syncing LDAP accounts to local accounts, you would be able to use Just-in-Time provisioning to create local accounts through SAML. Instead of syncing users from an Active Directory instance, with Just-in-Time provisioning users are created and updated dynamically when they log in, based on SAML assertions sent by the identity provider.
This would be a massive benefit - a default group could be set if no group info is passed, or if group info is passed and matches an existing group in eramba, then the user would be set as a member of the group.
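
The Just-in-Time provisioning and group fallback described in the two replies above, as an added example that is not part of the thread and not eramba's code. The attribute names `email` and `groups`, the group names, and the rule that `Admin` is never granted from IdP claims are assumptions made for illustration.

```python
"""JIT provisioning sketch: map validated SAML attributes to a local account."""
from dataclasses import dataclass, field

DEFAULT_GROUP = "Default"   # assumed fallback group name
LOCAL_GROUPS = {"Default", "Auditors", "Risk Owners", "Admin"}  # constructed sample
JIT_DENYLIST = {"Admin"}    # assumption: never granted from IdP claims alone


@dataclass
class LocalUser:
    login: str
    email: str = ""
    groups: set = field(default_factory=set)


def resolve_groups(asserted):
    """Keep only asserted groups that already exist locally; else use the default."""
    wanted = {g.strip() for g in asserted if g and g.strip()}
    matched = (wanted & LOCAL_GROUPS) - JIT_DENYLIST
    return matched or {DEFAULT_GROUP}


def jit_provision(store, name_id, attrs):
    """Create or update a local account from one login's assertion attributes.

    `attrs` must come from an assertion whose signature, audience and validity
    window were already verified by the SAML library; nothing is checked here.
    """
    login = name_id.strip().lower()
    if not login:
        raise ValueError("assertion carries no usable NameID")
    user = store.get(login)
    if user is None:
        user = store[login] = LocalUser(login=login)   # first login: create
    user.email = (attrs.get("email") or [user.email])[0]
    # Recomputed on every login, so membership removed at the IdP is removed here.
    user.groups = resolve_groups(attrs.get("groups", []))
    return user


if __name__ == "__main__":
    store = {}
    # Constructed sample attributes, shaped as name -> list of values.
    print(jit_provision(store, "Alice@Example.com",
                        {"email": ["alice@example.com"], "groups": ["Auditors", "Sales"]}))
    print(jit_provision(store, "bob@example.com", {"email": ["bob@example.com"]}))
```

Asserted group names that do not already exist locally are dropped instead of being created, so the identity provider cannot introduce new groups in the application.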