[midPoint] Using midPoint as the User Directory
Solberg, Eric
eric at solberg.com
Fri Oct 19 20:18:08 CEST 2018
I’m building a SaaS application that I’m hosting in Google Cloud Platform. Now, I could leverage services in GCP to do this (or AWS if I moved there) – but I’m building this solution to be cloud agnostic.
I’ll have a small number of internal users, and a large number of external (customer) users. These external users will have 4 or 5 different roles, and these roles are hierarchical. The vast majority of users will have just the “user” role.
I could easily take the conventional approach and use OpenLDAP as the user store, and midPoint would do a great job of keeping this in sync.
But in my scenario, do I really need LDAP? It seems that midPoint already supports everything I need.
Here’s a blog where a fairly significant SaaS vendor mentions migrating from LDAP to MySQL, with lots of benefit:
https://www.egnyte.com/blog/2014/01/how-we-migrated-millions-of-users-from-ldap-to-mysql-using-feature-flags/
My thought is to build an API in front of midPoint for authenticating users, and retrieve all the necessary role/group and access info needed through the app for authorization decisions. I have a few questions:
Has anyone used midPoint this way? Are there any technical reasons not to?
Should I be able to leverage the developer APIs to do this? Or will I need to integrate directly with the database?
Thanks for the feedback.
Eric