Add support for Security Assertion Markup Language (SAML) to the User Portal (i.e. implement a Shibboleth SP)
Please add support for Security Assertion Markup Language (SAML) OASIS standard to the K1000 User Portal and Administrator Interface by including the Shibboleth2-sp FreeBSD port in the K1000 appliance.
Security Assertion Markup Language (SAML) is an OASIS open standard for federated authentication and authorisation which is increasingly widely supported by academic institutions, online journals and industry partners (https://www.oasis-open.org/standards#samlv2.0). It is particularly suited to the move to cloud hosted solutions and Software as a Service (SaaS) where identity management and desktop management may be provided by separate organisations. In addition it allows true Single Sign On for locally and cloud hosted web based applications from multiple vendors, improving the end user experience. SAML is a widely adopted standard amongst higher education institutions globally – a list of UK higher education and research institutions and suppliers to the sector can be found here: http://www.ukfederation.org.uk/content/Documents/MemberList. It is also mandated by the US Government’s FCCX pilot (Requirement ID PS1, PS2, GF8).
In practice, you would achieve this by adding the Shibboleth2-SP FreeBSD port to the K1000 appliance:
http://svnweb.freebsd.org/ports/head/security/shibboleth2-sp/. This port provides the popular Shibboleth implementation of a SAML service provider (SP) http://shibboleth.net/.
In addition to being something that a great many educational customers could take advantage of today using their existing infrastructure, SAML support would also be good for any commercial organisations who want to consume SaaS offerings whilst maximising security.
I have personally been involved in assisting three commercial suppliers in the successful adoption of Shibboleth into their products, and would be very happy to discuss this further with Dell.
This has been targeted for the next major release.
Jonathan Davis commented
Checking back a year since my last comment... SAML still not supported in the KACE K1000 SMA. Original request was.... 2013? Has been in the top 20 ideas for way too long. What's up?
This can't happen soon enough.
Peter Yeates commented
When is this next major release scheduled for, that will include SAML with Azure AD, finally?
Andrew Walter commented
I can't believe in this day and age Quest still haven't implemented this - and to think they're shutting down the Quest Identity Broker!
Richard Goerwitz commented
Absolute no-brainer here, guys. The entire industry is going dual-factor/federated, and you are still giving us what? LDAP?
Jonathan Davis commented
External Authentication for SSO via SAML is a desperately needed feature for the K1000. It is crazy that a product with this much development doesn't support this yet.
Quest is really lagging on this one. What year is it again?
i o commented
I assume that this isn't implemented yet, since googling brought me here.
Let's get SSO SAML Authentication!
Please add this to the SDA (K2000) appliance as well.
Certain environments dictate 2FA. KACE needs to support it to be taken seriously.
Why is this not already a thing?
So... when do we get this SSO functionality that is standard pretty much everywhere else?
SAML these days is a must. For those using Okta, OneLogin, etc., this also gives you MFA support completely agnostic of the app you're authenticating to (i.e. K1000).
Would really like to see this added.
Did this ever get implemented?
Yes please, this is the way authentication is going for web applications now.
Dave Lavelle commented
We have Okta for our SAML and would love IdP based SAML for login