Simultaneous SSO + Password logins for Developer Accounts?

Hi there,
Is it possible to have some developer users (the ones who register to get API keys etc.) log in to the Developer Portal via SSO/LDAP, and others who register independently and receive a username and password?

I’m assuming yes, but need to confirm.

Thanks,
Lee


Hi Lee,
You could block the registering option in the settings and leave the login page available.
This way you will handle the registry of the users (with API calls to the dashboard) for regular users, and they will be able to log in to the dev portal via the default login page. Other users will be able to use an alternative login page that will redirect their creds to TIB and log them in after successfully validating against the LDAP server.
BTW, with TIB you can have any number of profiles to log your users in (oidc, ldap and each different servers and client_ids).

Thanks for the input Yaara. I have a few follow on questions. Can you confirm if my understanding below is correct:

SSO Login Page
For SSO users we will need to build a custom page that works with TIB to perform an SSO login.

Password Login Page
For password users we’ll use the default developer login/registration page.

I’m not understanding why we would need to block registering of users? We still need password registration as an option, but we also need to support SSO from an LDAP for a certain set of users.

Appreciate your insight.

Lee

You are right. There’s no need to block registering.
I thought you might want to be able to prevent users from trying to register, so your LDAP users will not do that, but regardless that was wrong.

Thanks Yaara. As a follow up to this question, for each additional LDAP we want to add into the mix that would require another custom login page? For example:

User Group A - LDAP #1 has all their passwords.
User Group B - LDAP #2 has all their passwords.
All Other Users - Password login.

Appreciate your input.

Thanks,
Lee

Yes.
TIB can have many profiles (in profiles.json or with TIB REST APIs). Since the definition of the LDAP is there, you can have different LDAP servers to authenticate against.
GroupA needs a login page that will send TIB a POST request with one profile, for instance “GroupALdap”.
GroupB needs a login page that will send TIB a POST request with another profile, for instance “GroupBLdap”.

Please also check our ldap doc and ldap guide, to see an example.

Thanks,
Yaara

This is helpful, thank you Yaara.
Lee
