
Question SSO SAML / Oauth with Keycloak

CGI1979

Basic Pleskian
Keycloak from Red Hat is a popular self-hosted authentication service that works like a charm. We are looking for a way to single sign-on into Plesk Onyx (and later Obsidian) with Keycloak.

For most mature applications like Confluence, JIRA etc. the vendor provides a plugin - or there is an affordable plugin in the marketplace.

Plesk already offers the Social Plugin, which would require us to register as an OpenID provider as far as I see.
The alternative would be to develop the connector based on Authentication Hook or Automatic Logging.

Wouldn't it be great to log into Plesk seamlessly?
 
Wow - 5 years old this thread and this as far as I can see is still not possible.

We've also just started rolling out Keycloak, and the only thing I can see is that we could use LDAP to manage authentication, but ideally OpenID should be available - surely if Plesk are allowing login via social plugin we should have a more grown-up login method to suit enterprises who may have many installations of Plesk and other systems under one roof?
 
Found this old plugin - not sure if this will do the trick and/or if it's actually maintained anymore - OneAll Social Login - Plesk Extensions!

Now Plesk have their own, the link to this plugin is broken on this page - Authentication Extensions - Archives - Plesk

When you install (you have to enable uploads of extensions via the INI editor), you will get - "This extension is deprecated. If you remove it, you will not be able to install it anymore."

So maybe this also needs removing from the broken available list...

What's frustrating is *the author is Plesk* and also OpenID is listed as an option -



The newer social login however only supports login from the big players or social sites - not exactly useful if you want to run your own IDP.
 
I also notice that in order to use that plugin you have to register with "oneall", which I'm not prepared to do. I'll try and raise a support ticket with Plesk as this is bonkers - from an infosec standpoint, if you're running your own identity provider you should not need third-party cloud services to facilitate management of an otherwise private network - working on the basis of zero trust, adding another actor into the mix is a bit questionable, especially if it's a free managed service ...

As a minimum I think it's fair to say that most of us would expect the most widely used, common and respected open standard to be supported - OpenID or SAML.
 