-
Notifications
You must be signed in to change notification settings - Fork 6.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shibboleth/SAML Authentication again: /login ignored #13324
Comments
Yes it is removed. |
@damencho thanks for helping! What is the way to get authenticatio to our central IDM (Shibboleth) working? Any other ways that are supported by Jitsi now? And does the removal already affect the current stable 1.0.7235 ? |
You can use this perhaps: https://github.com/Renater/Jitsi-SAML2JWT |
@saghul this is third party. Is this tested? @daimoc Is this working? I somehow can't quite understand why Shibboleth support was disabled. In larger organizations like universities it is common to authenticate web based services against Shibboleth. The configuration is admittedly a pain, but now we're left with no alternative, which could lead to Jitsi being shut down if no way to authenticate to Shibboleth results. I think the least would have been to point this out on the üriginal Shibboleth doc page and show alternatives. |
We rely on Shibboleth authentication as it is a central service in our organisation (university), so disabling is problematic for us. |
Yes it is, @daimoc wrote it to replace Shibboleth auth which we deprecated a while ago. The writing has been on the wall for a while.
The simple answer is we can't reliably maintain it since we don't use it. Plus, it's possible to use an external service to transform any auth into token based auth so it makes things easier to maintain. We waited until such tool existed before removing support for it.
🤦 You're right. |
For a temporary solution - until I implement the JWT setup - would it be possible to add the removed Shibboleth code back? In that case I would build a Debian package and use that for now. Or would that not work? |
The latest version that has it is https://download.jitsi.org/unstable/jicofo_1.0-1024-1_all.deb |
Thanks. An patching the current stable version. Would that work too? |
Yep you can download sorces for jicofo 1027 and try patching it, by applying he removed code, rebuild and run that. |
It's maybe faster to enable the JWT setup than rebuilding a custom jicofo jar. |
When updating jitsi-meet-web from 1.0.5913 to the newest stable version 1.0.7235 from
https://download.jitsi.org stable/
on Ubuntu 20.04 LTS + nginx 1.24.0 (module-headersmore, module-shibboleth) the login to Shibboleth is completely ignored by jitsi-meet-web. Is this still an issue or did I miss some new configuration after updating?This issue is related to #9026 and this post in forum and jitsi/jicofo#724, but those didn't help me out.
And final question: is the shibboleth support dropped or not? In various places you read that the Shibboleth support is to be dropped, but it is not understandable whether this has already happened or not. The doc for Shibboleth has been removed from the repo, see jitsi/jicofo#693 - what is the current status here?
The text was updated successfully, but these errors were encountered: