SAML Support

freepbx
Tags: #<Tag:0x00007f4f436c96b8>

(Sixtomartin) #1

I see that in the past there were people insterested in having the ability to log in freepbx using a SAML IdP.

Im a SAML expert and I added SAML support to multiple open source apps (Moodle, Magento, Wordpress, Osticket, MediaWiki, Drupal, Joomla, …)

I opened this thread in order to verify if having such SAML module is something interesting for the freebpx community.

I plan to release a commercial module and offer support to help integrating and configuring it with any SAML IdP. What should be a fair price for such module?

If you are interested in such feature, please reply this thread.


(Dave Burgess) #2

My opinion. Mine only. I do not represent anyone but me.

Getting SAML added to SIP is going to require working closely with a LOT of people, many of whom have no incentive to support SAML. This isn’t a monolithic “connect and go” interface; we have people logging in to user interfaces (UCP) and phones logging in to SIP, PJSIP, and SCCP interfaces. At least one of those (SCCP) is going to be enormously resistant to change. We have hardware, software, and API interfaces that need secured and every one of these is going to be challenging from the start.

If I was thinking about this and being (really) old school, I’d probably start by building the SAML interface into the product and let people use it by hand. If they find it useful, they’ll want a management interface that they can then exploit. Then, and only then, would I consider adding a commercial support module.

I’m not working from a theoretical position here. When we were getting Chan-SCCP-B working with FreePBX, we got it working first (for free) and then I wrote a really horrible management module that other people have improved to manage it (once again, for free). Diedrick supports Chan-SCCP-B for a fee for people that need the support and can’t follow the instructions I wrote to install it for free. I have, in fact, done a couple of “commercial” jobs supporting the installation for the software. This “artisan” industry approach has worked very well for me and the people that like phones we can get for 80 cents a pound.

As with all my advice, feel free to ignore. Just thought I’d try to share some of my experience.


(Simon Telephonics) #3

Do you have any FreePBX experience?


#4

I think he is talking only about using SAML to authenticate users logging into the FreePBX web interface?


(Simon Telephonics) #5

Consider https://tools.ietf.org/id/draft-ietf-sipcore-sip-token-authnz-06.html.

I would guess it is ten years away until this draft is standardized and endpoints are using it (other than the Google Voice clients, which use it now).


(system) closed #6

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.