SSO with Microsoft ADFS
I have recently developed an ADFS SSO component from the latest 2.1 stable build. As most of you know, ADFS is one of the most widely used SSO services and one of the most secure. Most organisations would prefer it to LDAP, and since the introduction of OAuth 2.0 in ADFS 3.0 it's now possible to link the two together. The code is ready and has been tested. I am just finishing the documentation (how to set up and how it works). I just want to check if the team here will be interested in me creating a pull request and merging with the latest stable 2.1. I do believe that this feature will be very useful to many and a must feature for Mattermost.
Thanks for deploying Mattermost and for building the extension. We’re very glad your team has the functionality it needs.
There are no current plans to merge auth add-ons to Team Edition:
1. Authentication is a critical path that needs to be tested, maintained and supported with each monthly release and Mattermost volunteers aren’t prepared to bear the tax this change would impose on them (including setting up Microsoft ADFS, testing across mobile and desktop apps, across all different web browsers and OSs, etc.), and
2. Such a change increases the difficulty of creating high quality apps and drivers, as developers would be taxed with requests for support, troubleshooting, and debug setups that would be expensive to reproduce.
lewis hamilton commented
Step 1: Configure your ADFS 2.0 IdP.
Step 2: Add an ADFS 2.0 relying party trust.
Step 3: Define the ADFS 2.0 claim rules.
Step 4: Configure the ADFS 2.0 Authentication Policies.
Step 5: Enable SAML 2.0 SSO for your TalentLMS domain.