Need to sync Home Assistant Directory with SAML

Hello…

I need to synchronize Home Assistant Directory with a popular SAML in order to utilize a WordPress Single Sign On for a web application that I am building.

Here is a list of SAML that I can utilize:
Azure AD (supports SAML SSO for WordPress login)
Azure AD B2C (supports SAML SSO for WordPress login)
Keycloak (supports SAML SSO for WordPress login)
ADFS (supports SAML SSO for WordPress login)
Okta (supports SAML SSO for WordPress login)
Salesforce (supports SAML SSO for WordPress login)
Office 365 (supports SAML SSO for WordPress login)
Shibboleth (supports SAML SSO for WordPress login)
GSuite / Google Apps (supports SAML SSO for WordPress login)
miniOrange (supports SAML SSO for WordPress login)
OneLogin (supports SAML SSO for WordPress login)
Auth0 (supports SAML SSO for WordPress login)
Centrify (supports SAML SSO for WordPress login)
Gluu Server (supports SAML SSO for WordPress login)
SimpleSAMLphp (supports SAML SSO for WordPress login)
OpenAM (supports SAML SSO for WordPress login)
Ping Identity / PingOne (supports SAML SSO for WordPress login)
Ping Federate / Ping Identity (supports SAML SSO for WordPress login)
RSA (supports SAML SSO for WordPress login)
IBM (supports SAML SSO for WordPress login)
Oracle (supports SAML SSO for WordPress login)
Bitium (supports SAML SSO for WordPress login)
WSO2 (supports SAML SSO for WordPress login)
NetIQ (supports SAML SSO for WordPress login)
FusionAuth (supports SAML SSO for WordPress login)
Absorb LMS (supports SAML SSO for WordPress login)
IdentityServer4 (supports SAML SSO for WordPress login)
OpenAthens (supports SAML SSO for WordPress login)
CyberArk (supports SAML SSO for WordPress login)
SiteMinder (supports SAML SSO for WordPress login)
Fonteva (supports SAML SSO for WordPress login)
PhenixID (supports SAML SSO for WordPress login)

All help is appreciated!

Rob

I’m not certain what exactly you’re trying to do here. Home Assistant doesn’t use any external authentication system to get access to HA itself.

If you’re wanting to use your HA instance as the user authentication system for WordPress by way of a SAML plugin, as far as I’m aware, HA does not present itself in any way as an identity provider to anything outside of local add-ons when running Home Assistant OS.

If you’re trying to drive automation into a WordPress site that uses SAML, then you’re going to need to code up some sort of custom component that you can step through the login workflow of when configuring. Just be aware that unless the SAML provider has a way for you to get a long-lived token, you’re likely to have to step through the login flow regularly (usually at least every 30 days).

Thank you tykeal…

Just to be clearer… we have a developer who has a directory of users found within the Community Home directory.

We want to utilize the members of the Community Home directory so that they can use their credentials in order to sign into a WordPress app that I am building.

The idea is that we do not have to have two login creds for this user. They have only one set of creds that are assigned to them in Community Home Directory. They can use same login creds to access our new WP Site.

From what I understand, we need to sync the HA directory to one of these external SAML directories first, and then I can use this WP plugin in order to instantiate SSO.

Right now we are considering using one of these free and open source directories in order to make this all happen…
IdentityServer
Keycloak

Once we sync the HA directory, then we can use the following WP plugin in order to have SSO: SAML Single Sign On – SAML SSO Login – WordPress plugin | WordPress.org

Does this all make sense?

Please LMK

Rob

By “Community Home directory”, do you mean the forums? I think the failure for me to give any sort of guidance is what is this “community home directory” you’re actually talking about.

You need to look at what HA supports for auth providers before you design. They don’t support SAML/OAuth by default.

For external directories the docs suggest using the command line auth provider:

Basically, the way I read it, to do what you want to do (no, I’ve never done it) you will need a command line program that you can feed a username / password credential pair, and it will accept those and attempt auth against (insert whatever here) your auth database.

If it fails, exit the process with a nonzero exit code and the auth provider will fail the login. For success, exit the process with an exit code of zero.

Nothing to sync, just write a program that can auth against whatever ‘directory’ you want and pass back yes or no.
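The helper program described in the reply above, as an added example that is not part of the original thread and not Home Assistant project code. It follows the command_line auth provider contract from the Home Assistant docs (the command runs with the `username` and `password` environment variables set; exit status 0 accepts the login, anything else rejects it; with `meta: true` the provider reads `key = value` lines such as `name = ...` from stdout). Everything else is an assumption made for illustration: the directory file format, the PBKDF2 parameters, the `AUTH_DIRECTORY` environment variable, the `/config/auth/check_user.py` path, and the two constructed sample users.

```python
#!/usr/bin/env python3
"""Command-line auth helper for Home Assistant's command_line auth provider.

Added example, not Home Assistant project code.  Home Assistant invokes the
configured command with the environment variables `username` and `password`
set; exit status 0 accepts the login, any other status rejects it.  With
`meta: true` the provider also reads `key = value` lines from stdout.

Assumed (illustrative) configuration.yaml entry:
    homeassistant:
      auth_providers:
        - type: command_line
          command: /config/auth/check_user.py
          meta: true
"""
import base64
import hashlib
import hmac
import os
import secrets
import sys

PBKDF2_ITERATIONS = 200_000  # assumption: raise until one check costs ~100 ms on the host
DUMMY_SALT = b"\x00" * 16     # used so unknown usernames cost as much as wrong passwords


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_record(username: str, display_name: str, password: str) -> str:
    """Provision one directory line (assumed format username:name:salt:hash); run once per user."""
    salt = secrets.token_bytes(16)
    digest = hash_password(password, salt)
    return ":".join([username, display_name,
                     base64.b64encode(salt).decode(), base64.b64encode(digest).decode()])


def load_directory(text: str) -> dict:
    """Parse directory lines into {username: {"name", "salt", "hash"}}; '#' starts a comment."""
    directory = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        username, display_name, salt_b64, hash_b64 = line.split(":", 3)
        directory[username.lower()] = {
            "name": display_name,
            "salt": base64.b64decode(salt_b64),
            "hash": base64.b64decode(hash_b64),
        }
    return directory


def authenticate(directory: dict, username: str, password: str):
    """Return the user's record when the password matches, else None (constant-time compare)."""
    record = directory.get(username.lower())
    if record is None:
        hash_password(password, DUMMY_SALT)  # keep timing flat for unknown users
        return None
    if not hmac.compare_digest(hash_password(password, record["salt"]), record["hash"]):
        return None
    return record


# Constructed sample users; the plaintexts appear here only to build the demo directory.
SAMPLE_DIRECTORY_TEXT = "\n".join([
    "# username:display name:salt:pbkdf2-sha256",
    make_record("rob", "Rob Example", "correct horse battery staple"),
    make_record("alice", "Alice Example", "hunter2-is-not-a-good-password"),
])


def run(environ) -> tuple:
    """Core of the helper: returns (exit_status, meta_lines) without touching stdout."""
    username = environ.get("username", "")
    password = environ.get("password", "")
    if not username or not password:
        return 1, []
    path = environ.get("AUTH_DIRECTORY")  # assumption: real deployments point this at a file
    if path:
        with open(path, encoding="utf-8") as fh:
            directory = load_directory(fh.read())
    else:
        directory = load_directory(SAMPLE_DIRECTORY_TEXT)
    record = authenticate(directory, username, password)
    if record is None:
        return 1, []
    return 0, ["name = " + record["name"]]


def main() -> int:
    status, meta_lines = run(os.environ)
    for line in meta_lines:
        print(line)  # consumed by Home Assistant only when meta: true
    return status


if __name__ == "__main__":
    sys.exit(main())
```

Run it the way Home Assistant would, `username=rob password='correct horse battery staple' ./check_user.py; echo $?`, and the exit status is 0 with `name = Rob Example` on stdout; a wrong password or unknown user gives 1 and prints nothing. The same shape works for any backend: swap the body of `authenticate` for an LDAP bind, a database query or an HTTP call to the developer's directory service, keep the exit-code contract, and there is still nothing to sync.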