| 9 Mar 2024 |
hexa | but does that really justify the added complexity for saml? | 01:53:42 |
hexa | like why would you even say you prefer it? | 01:53:51 |
hexa | you're neither a government, nor a university, nor a global conglomerate | 01:54:06 |
raitobezarius | (well I worked for :P) | 01:54:23 |
raitobezarius | And honestly every time I tried to replicate certain setups with OIDC, it made me appreciate the thoughtfulness of the SAML design | 01:54:43 |
hexa | pretty sure people go for saml for political or structural reasons only | 01:54:52 |
raitobezarius | Now, my position is more I wish there were Kanidm for SAML | 01:54:54 |
raitobezarius | And I'd probably use more SAML in my infrastructure if I could do that | 01:55:06 |
hexa | keycloak? 😛 | 01:55:16 |
raitobezarius | Keycloak does not know how to implement SAML | 01:55:22 |
hexa | who does though? 😄 | 01:55:36 |
raitobezarius | don't tell me 'see?' :D | 01:55:37 |
raitobezarius | In reply to @hexa:lossy.network who does though? 😄 Well, Apereo folks do OK things in that area | 01:55:49 |
hexa | so CAS? | 01:55:59 |
raitobezarius | It's honest even though I hate Java Enterprise | 01:56:37 |
raitobezarius | (it hurts me to say it ok) | 01:56:49 |
hexa | ❯ rg apereo
pkgs/development/php-packages/phing/composer.lock
4672: "apereo/phpcas": "<1.6",
| 01:57:03 |
hexa | 🤡 | 01:57:08 |
raitobezarius | what is this supposed to mean :D | 01:57:24 |
hexa | take the best of both worlds | 01:57:27 |
raitobezarius | But honestly, you say 'added complexity of SAML', I wonder how much this complexity has been inflicted by the bad reputation of SAML via corporate vendors | 01:57:40 |
raitobezarius | OIDC was/is also very complicated | 01:57:47 |
raitobezarius | I wonder why that complexity is also accepted | 01:58:14 |
raitobezarius | and well all software has bugs :p https://github.com/kanidm/kanidm/issues/2611 | 01:59:27 |
raitobezarius | even with a good codebase like kanidm we find some weird stuff | 01:59:53 |
hexa | contemplating the requirements for our sso | 02:02:21 |
hexa | wondering if the self service that kani provides is sufficient | 02:02:32 |
hexa | haven't seen rc16 yet | 02:02:38 |
raitobezarius | we are probably going to develop a self service on the top of it for our needs | 02:02:59 |
raitobezarius | and just use kanidm API for a bunch of things | 02:03:13 |