2
 Followers
1
 Like

Do you need to customize Auth on Users?

System Components
On our radar

Please allow the same customization level we have in Lifetime (as plugins) to authentication Application Users without requiring to clone the espace Users!

Typical scenarios: 

  • External User auth which is not supported (built-in auths): for e.g: SAML 2.0
  • External User Management of Roles: can we facilitate the mapping between external and internal roles? 
  • External User auth and built-in Brute-Force: can we still use the built-in brute-force protection? 


Thanks  in advance


Created on 3 Jan
Comments (6)

Changed the category to Lifetime


What's wrong with the IDP component on the Forge? It does this already I think?

J.Ja

Hi Justin,

Yes, it does perform the authentication for that use-case, probably that is not the best example to give :) 

However, there are use-cases where we can face some underlying technology limitation which is not covered out-of-the-box in the Users applications (Oracle LDAP, I have seen quite a few challenges in some scenarios). 

Other scenarios are because customers rely on their authentication to an external database or to a web service, or because they want to sync groups/permissions


By having the need to customize the Users, you are left with an application you will need to support and maintain (not to mention in case you upgrade the platform you will also need to redo the customization to re-use the new features/improvements provided by Users).
Yes, we can argue you don't need to customize Users and you can build the logic in a different module and extend it, but, that means you no longer have the brute-force protection unless you implement by yourself

I think Users application should be robust enough, to allow authentication plugins, like Lifetime, where you take full advantage of the Users features (Brute force, Roles, Groups) with the same transparency and centralized login


The problem is, Users can't really support EVERYONE'S scenarios; it certainly doesn't fit many of mine, and in fact, I almost never use it past the initial stage of a project if I can help it. For one thing, it's styling is completely different from the rest of the application so it feels out of place. It's functionality (as you have noticed) is very limited and doesn't really cover many use cases. It is pretty useless for multi-tenant situations. It doesn't help self-service (especially important in multi-tenant and SaaS) much at all. And on and on.

I don't see Users as "something I want OutSystems to improve", I see it as, "a handy utility which any medium or large project will quickly outgrow, but having it there let's me avoid doing 1 or 2 day's of work at the beginning of a project, but I will eventually do that work later on". In other words, it returns some time to me to focus on my MVP rather than building user management that works well.

Even then... I try to avoid it in many cases because I need the users to be in an application-specific user provider. :(

I agree that Users probably could/should be stronger, but I think that the effort should be done in a manner that is easily re-used by a custom-written system instead of the way it feels now, where too much of it is tied to the Users UI or specific workflows in that UI.

J.Ja

Changed the category to System Components


Changed the status to
On our radar


views
171
Followers
2