How to accomplish Single Sign-on with pfSense

  • Hello,
    I'm a newbie in how authentication works, but I would like to implement an SSO system with pfSense to use it as a core of the network for everything including browsing, mail and accessing data on a local NAS. I've tried browsing a bit and I see that you can have Radius and LDAP but I had little luck getting these to work. Do you guys know where you can find a good up-to-date tutorial that I could follow?

  • Radius and LDAP are simply mechanisms that pfSense can use to verify a username/password are correct. They don't handle SSO in that you only log in once, then automatically log into other sites/services.

    SSO solutions these days usually use SAML, where you have some kind of web-based interface that a site or service can request a token from, the SAML system verifies the username/password (making you enter it if you haven't logged in yet), then sends the token back to the original site/service indicating the user is valid. Or something like that goes on.

    pfSense doesn't have any kind of SAML or SSO authentication options. I'm not sure if they're on the map for the future either.

    Personally, SSO on a device that is protecting your network… not a good idea. That's just my opinion though.
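
Added example, not part of either post: a minimal Python model of the token flow the reply describes, in which the password reaches only the identity provider and each service validates a signed assertion instead. All class and field names are hypothetical, the account is constructed, and an HMAC over JSON stands in for the XML signature that real SAML uses.

```python
import hashlib, hmac, json, secrets, time

IDP_KEY = secrets.token_bytes(32)     # assumption: stand-in for the IdP signing key
USERS = {"alice": "correct horse"}    # constructed sample account

def _sign(body):
    return hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()

class IdP:
    """Identity provider: the only party that ever sees the password."""
    def __init__(self):
        self.sessions, self.password_prompts = set(), 0

    def login(self, cookie, user, password):
        self.password_prompts += 1
        expected = USERS.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return False
        self.sessions.add((cookie, user))
        return True

    def issue(self, cookie, user, audience, request_id, ttl=60):
        if (cookie, user) not in self.sessions:
            return None               # no IdP session yet: the browser must log in first
        body = json.dumps({"sub": user, "aud": audience, "exp": time.time() + ttl,
                           "in_response_to": request_id}).encode()
        return body, _sign(body)

class ServiceProvider:
    """A site or service (mail, NAS, ...) that trusts the IdP's assertions."""
    def __init__(self, name):
        self.name, self.pending = name, set()

    def start(self):                  # the request sent along with the redirect to the IdP
        rid = secrets.token_hex(8)
        self.pending.add(rid)
        return rid

    def accept(self, token):
        if token is None:
            return None
        body, sig = token
        if not hmac.compare_digest(_sign(body), sig):
            return None               # tampered, or not issued by the IdP
        claims = json.loads(body)
        if claims["aud"] != self.name or claims["exp"] < time.time():
            return None               # meant for another service, or expired
        if claims["in_response_to"] not in self.pending:
            return None               # unsolicited or replayed assertion
        self.pending.discard(claims["in_response_to"])
        return claims["sub"]
```

With a Radius or LDAP backend each service would collect the password itself on every login; here `password_prompts` stays at 1 however many services the same browser session visits.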
