We’re exploring SSO integration options for NoMachine (Terminal Server family, though posting here assuming its a broader Apache topic).
The goal is to accommodate customers’ identity providers.
I’m guessing that the most natural way to do this would be going through an apache module for OpenID Connect or SAML (e.g. https://github.com/zmartzone/mod_auth_openidc, https://github.com/UNINETT/mod_auth_mellon), versus say going through the PAM stack (which we’re otherwise doing successfully).
Just wondering if anyone else has pursued this with NoMachine, any lessons learned ?
I’m also interested to know if we could use NoMachine profiles to vary the identity provider(s) based on the NoMachine user or user-group–assuming the profile rules are exercised before external (outside of NoMachine) authentication.
I’m new to OpenID Connect & SAML btw.
NoMachine 6.2.4, RHEL 6.x, Xfce 4.8 + openbox