For multiple applications, I want to build a centralized account solution. The core consists of some ASP.NET Core web applications. But I also want to include third-party applications like WordPress, GitLab or a XAMPP/HipChat server. My goal: The user creates ONE account, which can be used in all of those applications. So an LDAP server seems the best way for this, since many applications have support for this protocol. This also gives flexibility for other applications, which may be added later.
The problem here is that the users should be able to authenticate using common social sites, especially Facebook. It's state of the art and would increase the conversion rate, because it's easier for the users.
Is it possible to integrate social login providers like Facebook into LDAP servers like ApacheDS?
As I see the topic, Facebook generates some kind of authentication token, which can be used by the application to verify the identity of the user. In my custom web apps, this is no problem. But for, e.g., a XAMPP server, this does not seem to work: LDAP requires username/password. But I don't have this, since there is only a Facebook token available. The LDAP server could store this in an attribute. However, this would require checking this token instead of a password on an LDAP bind.
On the other hand, when I drop the LDAP server and use some framework like ASP.NET Core Identity instead, it's not a big deal. The problem here: I'm not able to use this login for third-party applications. This would require the users to have an additional account for, e.g., XAMPP, WordPress and so on, which results in big chaos and is therefore not suitable for me.
By dropping social support, it works. This also does not seem to be a good idea, since those logins are state of the art and I'm targeting younger users, who expect an SSO solution with Facebook or similar providers.