Need dedicated support? Click here
Need dedicated support?
Click here

LDAP and SSO login at the same time... does it work that way?

Workspace
#1

Do you want to: Ask a how-to question

For feature suggestions, describe the result you would like to achieve in detail: Users connect to OO providing either LDAP or SSO credentials

For bug reports, provide the steps to reproduce and if possible a minimal demo of the problem: —

Community Server version: 12.5.2.1848
Control Panel version: 3.5.0.516

Type of installation of Workspace: deb

OS: Ubuntu Linux 22.04

Browser version: Firefox 115.0.2

Hey all,
while testing community server for my use case, I am able to login to OO workstation via my LDAP server (Windows AD), and it works great.
It would be preferred to be able to login via SSO simultaneously.

  • is this possible ?
  • can I configure OO to connect to LDAP and SSO at the same time, so some users can login to OO using LDAP credentials and other users via SSO also ?
  • if so, it there any trick in the configuration, or just the documented procedures for LDAP and SSO separately ?

thanks in advance

#2

Hi @alextasikas,

Yes, this is possible. There are no tricks, just connect your LDAP server via Control Panel => LDAP and SSO server via Control Panel => SSO. If a user has the same email address on both LDAP and SSO servers, they will have a possibility to log in to the portal via both LDAP and SSO.

#3

Thank you very much

#4

One last question,
maybe fool one (I have little knowledge on SSO technology) but I 'll say it just in case.

My organization’s SSO service is relaying on CAS (as far as I know, Apereo CAS).
I can understand that CAS is the protocol and Apereo CAS and also Shibboleth are server implementations.

The following two sentences from OO Workstation’s ControlPanel and Documentation respectively make me ask here.

Single Sign-on allows to enable or disable third-party authentication using the installed SSO services (OneLogin, Shibboleth, etc) without providing additional credentials. SAML protocol is used as it is considered to be more secure.

The Single Sign-on feature provided by the Control Panel allows you to enable third-party authentication using the installed SSO services (Shibboleth, OneLogin, or Active Directory Federation Services).

Are those implying that OO Workstation SSO feature work only with Shibboleth SSO services and not Apereo CAS SSO services ?

regards

#5

Hi @alextasikas,
This means we have tested the SSO connection only with these IdP’s, but you can try to connect Apereo CAS as well and check if it works.

#6

I am grateful