OMERO authentication support SAML

Dear OMERO Team -
I’m running an OMERO install that uses LDAP authentication against a directory that I maintain. I’d rather that users could use their institutional credentials to log in because then I wouldn’t have to maintain the directory, and they wouldn’t have to remember another username/password combination. When I sent a request to our Information Technology team, they replied to me with the following:
“Does Omero support SAML? If so, as consulted the local IAM team, the recommended approach is to work with the IdP (identity provider) service in the university that is specifically set up for service providers.”

Can someone from the development team provide advice?

Hi @steveo. Welcome to image.sc!

At the moment, no, it does not. I’m not overly familiar with SAML but I assume it would be relatively straightforward to implement a SAMLPasswordProvider a la the current LDAPPasswordProvider. The https://docs.openmicroscopy.org/omero/5.5.1/developers/Server/PasswordProvider.html interface is a standard extension mechanism for OMERO.

I imagine though for a more integrated use of SAML, you would want something more akin to single sign-on. Unfortunately, there’s not yet a standard SSO offering.

All the best,
~Josh