Does Asterisk support SAML SSO?

For the administrator web interface, does Asterisk support SAML SSO? We no longer have the ability to use LDAP, since it’s a legacy protocol.

Specifically, we are trying to use Entra ID as our IdP.

As soon as I heard LDAP being described as a “legacy protocol”, I immediately thought “you’re doing it wrong”.

Having never heard of SAML, I thought I would look it up.

From this ref:

Most often with SAML implementations, it is not the case that the SAML service is the source of truth, but rather it often acts as a proxy for a directory service, converting that identity and authentication process into a SAML-based flow.

And that directory service is LDAP.

Another reference:

Does LDAP support SAML?
Yes. SAML acts as a communicator that sends assertion data between the SP and IdP to authenticate a user. LDAP, however, is considered an authority that actually does the validation. In that sense, LDAP servers can support SAML protocol by acting as the IdP and authority system.

So it’s clear, SAML is at most an alternative front-end to a directory service which most likely will still be LDAP, not a replacement for LDAP.


You’ve never heard of SAML yet you’re responding to a topic about SAML…?

Thank you, but I know the definitions of LDAP and SAML and when and where they’re used.

Hopefully someone else knows the answer or can at least contribute something non-condescendingly helpful.

Remember that SAML is just an authentication protocol, while LDAP provides a general directory service. That is, LDAP has many uses besides just authentication. That alone should tell you that SAML cannot replace LDAP.

We have already replaced LDAP using SAML on numerous projects. You are not knowledgeable enough about this to talk about it.

Asterisk doesn’t include an administrator web interface. What web interface are you referring to?

Here is a description of how Asterisk uses LDAP:

Asterisk can configure SIP/IAX2 users, extensions, queues, queue members, and entire configuration files.

As you can see, no way can SAML be a replacement for all that.
