How can we improve the SMA (K1000)?

Add support for Security Assertion Markup Language (SAML) to the User Portal (i.e. implement a Shibboleth SP)

Please add support for Security Assertion Markup Language (SAML) OASIS standard to the K1000 User Portal and Administrator Interface by including the Shibboleth2-sp FreeBSD port in the K1000 appliance.

Security Assertion Markup Language (SAML) is an OASIS open standard for federated authentication and authorisation which is increasingly widely supported by academic institutions, online journals and industry partners (https://www.oasis-open.org/standards#samlv2.0). It is particularly suited to the move to cloud hosted solutions and Software as a Service (SaaS) where identity management and desktop management may be provided by separate organisations. In addition it allows true Single Sign On for locally and cloud hosted web based applications from multiple vendors, improving the end user experience. SAML is a widely adopted standard amongst higher education institutions globally – a list of UK higher education and research institutions and suppliers to the sector can be found here: http://www.ukfederation.org.uk/content/Documents/MemberList. It is also mandated by the US Government’s FCCX pilot (Requirement ID PS1, PS2, GF8).

In practice, you would achieve this by adding the Shibboleth2-SP FreeBSD port to the K1000 appliance:

http://svnweb.freebsd.org/ports/head/security/shibboleth2-sp/. This port provides the popular Shibboleth implementation of a SAML service provider (SP) http://shibboleth.net/.

In addition to being something that a great many educational customers could take advantage of today using their existing infrastructure, SAML support would also be good for any commercial organisations who want to consume SaaS offerings whilst maximising security.

I have personally been involved in assisting three commercial suppliers in the successful adoption of Shibboleth into their products, and would be very happy to discuss this further with Dell.

250 votes
Christopher Hoskin shared this idea

16 comments

  • Jonathan Davis commented

    Checking back a year since my last comment... SAML still not supported in the KACE K1000 SMA. Original request was.... 2013? Has been in the top 20 ideas for way too long. What's up?

  • Andrew Walter commented

    I can't believe in this day and age Quest still haven't implemented this - and to think they're shutting down the Quest Identity Broker!

  • Jonathan Davis commented

    External Authentication for SSO via SAML is a desperately needed feature for the K1000. It is crazy that a product with this much development doesn't support this yet.

  • i o commented

    I assume that this isn't implemented yet, since googling brought me here.

  • Shane commented

    Please add this to the SDA (K2000) appliance as well.
    Certain environments dictate 2FA. KACE needs to support it to be taken seriously.
    Why is this not already a thing?

  • Petro commented

    So... when do we get this SSO functionality that is standard pretty much everywhere else?

  • Anonymous commented

    SAML these days is a must. For those using Okta, OneLogin, etc., this also gives you MFA support completely agnostic of the app you're authenticating to (i.e. K1000).
