This is I think a rather broad question, looking for a suggestion or recomendation. Also, I will apollogize in advance because probably the question has mistakes in it’s own, considering my unknowlege of this topics.
We are trying to connect several apps and systems to our Invenio instance, to propose it as a central service of several universities organizations. One of the main issues is regarding to users authentication.
We already use invenio_oauth2server to connect Angular apps users, but also users of a MongoDb/NodeJs/React stack to our Invenio. But those are internal developments. The real problem came with deployments of other systems, some are requesting a full OpenId implementation and others SAML/Shibboleth.
Regarding OpenId, there is a way of implementing OpenId using the invenio_oauth2server?, there is a plan for invenio of doing such thing?
About saml, we saw some libraries like flask_saml2 that probably could help us to use invenio as an identity provider for other systems.
But really the question is more if we are getting in a feasible direction. In the sense that there are full single sign on solutions, and in a way, we are trying to use Invenio in part as a SSO.
Just reposting my answer from the chat here:
So, Invenio was never intended to be an SSO…….only intention was to support mulitple ways of authenticating into Invenio, as people have different providers…….invenio has a concept of a local user, and all external auth providers is linked to that local account