Please note this is my opinion only
It seems any kind of dual auth will need a security app running on YOUR server saving tokens, logins, etc.
This is what led to Microsoft, Gmail etc. having their own API, which will only work for them.
This is also (mainly because of https authing the device) what makes it hard to proxy OAuth2 etc.
If you look at SOGo's documentation, they have a Java server applet.
Still working on the install to make it work with my system, but in general you need your own whatever app to track OAuth2.
5.7. Authenticating using C.A.S.
SOGo natively supports C.A.S. authentication. For activating C.A.S. authentication you need first to make sure that the SOGoAuthenticationType setting is set to cas, SOGoXSRFValidationEnabled is set to NO and that the SOGoCASServiceURL setting is configured appropriately.
I myself will eventually get around to implementing this on one of my servers ?
Logically I will have to track tokens etc. via https like Google etc.
Basically the reality is every server will have its own token base etc., thus preventing any kind of a standard.
Happy Sunday !!! Thanks - paul
Paul Kudla
Scom.ca Internet Services http://www.scom.ca 004-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 7/3/2022 9:50 AM, John Gateley wrote:
On 7/3/22 8:31 AM, John Gateley wrote:
The protocols were designed long before SAML and OIDC. SAML/OIDC give you more control over authn/z and allow easily adding in MFA or other different types of auth. To do this right, you'd need to extend the protocol to allow OIDC or SAML.
I did find this RFC - I haven't read it, but it applies directly: https://datatracker.ietf.org/doc/html/rfc7628
j
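
Added example, not part of the thread above: RFC 7628, linked in the quoted message, defines the SASL OAUTHBEARER mechanism, and this sketch builds the client's initial response and shows the strict validation a mail server would apply before passing the bearer token to a verifier. The function names and the sample token are constructed for illustration; verifying the token itself against the issuer is out of scope here.

```python
import base64
import re

KVSEP = "\x01"  # RFC 7628 key/value separator (Ctrl-A)
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")  # RFC 6750 bearer token syntax


class OAuthBearerError(ValueError):
    """Raised when a client response is not a well-formed OAUTHBEARER message."""


def build_initial_response(authzid, host, port, token):
    """Client side: base64 initial response as carried by IMAP/SMTP AUTH."""
    authzid = authzid.replace("=", "=3D").replace(",", "=2C")  # GS2 escaping
    fields = [f"host={host}", f"port={port}", f"auth=Bearer {token}"]
    msg = f"n,a={authzid}," + KVSEP + "".join(f + KVSEP for f in fields) + KVSEP
    return base64.b64encode(msg.encode("utf-8")).decode("ascii")


def parse_initial_response(b64):
    """Server side: decode and strictly validate the message framing."""
    try:
        raw = base64.b64decode(b64, validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise OAuthBearerError("not base64-encoded UTF-8") from exc
    header, sep, body = raw.partition(KVSEP)
    if not sep or not body.endswith(KVSEP * 2):
        raise OAuthBearerError("bad kvsep framing")
    gs2 = header.split(",")
    if (len(gs2) != 3 or gs2[0] != "n" or gs2[2] != ""
            or (gs2[1] and not gs2[1].startswith("a="))):
        raise OAuthBearerError("bad GS2 header (channel binding flag must be 'n')")
    pairs = {}
    for item in body[:-2].split(KVSEP):
        key, eq, value = item.partition("=")
        if not eq or not key.isalpha() or key in pairs:
            raise OAuthBearerError(f"malformed or duplicate field {key!r}")
        pairs[key] = value
    scheme, _, token = pairs.get("auth", "").partition(" ")
    if scheme.lower() != "bearer" or not B64TOKEN.fullmatch(token):
        raise OAuthBearerError("auth field is not a Bearer token")
    return {"authzid": gs2[1][2:].replace("=2C", ",").replace("=3D", "="),
            "host": pairs.get("host"), "port": pairs.get("port"), "token": token}
```

Rejecting duplicate fields and non-`n` channel binding flags up front keeps a proxy and the backend from disagreeing about which token or identity the message carries.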