feat(security): design OIDC and SAML SSO integration path [BACKLOG] #4

@however-yir

Problem

Enterprise teams often need KnowledgeOps Agent to integrate with existing identity providers instead of managing only API keys and local JWT flows.

Status: BACKLOG

Not implementing in current cycle. Requires:

  • Enterprise IdP test accounts (Okta, Azure AD, Keycloak)
  • Spring Security OAuth2 Client is already a dependency (pom.xml) but full SAML support needs spring-security-saml2-service-provider
  • Multi-tenant OIDC claim mapping design

Deferred until

  • At least one enterprise customer requests SSO
  • Tenant RBAC model is finalized
  • Security review of token storage and session management

Original scope

  • Document target OIDC/SAML authentication flows.
  • Define how external identities map to tenants, roles, and permissions.
  • Identify Spring Security configuration changes and migration risks.

Acceptance criteria

  • Architecture notes are added under docs/.
  • Tenant and RBAC mapping strategy is documented.
  • Implementation tasks are split into follow-up issues.

Labels: enhancement, roadmap
