Kerberos authentication (LDAP Single Sign On)


#1

We are an agency which does digital transformation in companies.
We are a big fan of rocketchat and often recommend it to our clients.

Please add kerberos authentication, because this is a criteria which many of our clients have. They’d like to have all services automatically signed in.


#2

Automatic sign in is very important feature for most corporate companies.
We are searching for solution but we are out of ideas for now - we could not find how to integrate neither via ntlm nor kerberos (as no support out of the box).

May be some one can help with advice how to implement automatic sign in for users taking user/pass from active directory?


#3

Ldap or ADFS(SAML) is pretty much the only two ways we can authenticate with Active Directory. Typically either choice works fine for most people


#4

LDAP solves issue of having different credentials, but is not solving problem of autologin and ensuring all poeple are available.
In result problem is bigger than it seems at first. For small teams (a specially for IT organizations) it is not a problem. But for large companies implementation of chat software is a problem by it self - as not all people are willing to use it. If not all people are using it - than it looses meaning for those how would like to try it at least - as you can not reach people you need. The only option in such situation is to start client automatically with user logged in - so you know you will get response.


#5

Hi,

here are three links which helped me implementing kerberos authentication:

Maybe this could help…


#6

I believe using rocketchat:// you can start the app and sign people in automatically. Though you’d have to work out some sort of token to use so it wouldn’t involve using the password.

Single sign on and automatic sign on are hard problems. Every company has their own ways. So we try to provide api’s and authentication methods to allow people to make it fit how they want it


#7

We definitely welcome PR’s thanks for the links. If we decide to put on our roadmap, could be useful


Connecting Rocket.chat to Active Directory