LDAP Client x509 Certificate Authentication #3

@precurse

Google announced their LDAP service: https://support.google.com/cloudidentity/answer/9089736 and we wanted to see if we could get it working for our users.

However, it requires a client certificate to authenticate to the server, which SimpleSAMLphp doesn't support: https://simplesamlphp.org/docs/stable/ldap:ldap . It seems to only support username/password for client authentication.

It would be nice to be able to support client cert/key for authentication in addition to username/password. OpenLDAP supports it using TLS_CERT and TLS_KEY.

It seems that support for this may have only come into PHP in version 7.1: http://php.net/manual/en/function.ldap-set-option.php
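The client-certificate connection requested above, sketched with PHP's `ldap_set_option()` TLS options (PHP 7.1+). This is an added example, not SimpleSAMLphp code; the function name `ldapConnectWithClientCert` and the command-line arguments are hypothetical, and the server URI and file paths are supplied by the caller.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of SimpleSAMLphp): open an LDAP connection
// that presents an x509 client certificate during the TLS handshake.
function ldapConnectWithClientCert(string $uri, string $certFile, string $keyFile, ?string $caFile = null)
{
    foreach ([$certFile, $keyFile] as $path) {
        if (!is_readable($path)) {
            throw new RuntimeException("Cannot read TLS file: $path");
        }
    }
    // The private key is a credential: refuse it if group/other have any access.
    if ((fileperms($keyFile) & 0077) !== 0) {
        throw new RuntimeException("Private key $keyFile is accessible to group/others");
    }

    $tls = [
        LDAP_OPT_X_TLS_REQUIRE_CERT => LDAP_OPT_X_TLS_DEMAND, // always verify the server
        LDAP_OPT_X_TLS_CERTFILE     => $certFile,             // OpenLDAP TLS_CERT
        LDAP_OPT_X_TLS_KEYFILE      => $keyFile,              // OpenLDAP TLS_KEY
    ];
    if ($caFile !== null) {
        $tls[LDAP_OPT_X_TLS_CACERTFILE] = $caFile;
    }
    // Set on the global (null) handle before ldap_connect() so the new
    // connection picks the TLS settings up.
    foreach ($tls as $option => $value) {
        if (!ldap_set_option(null, $option, $value)) {
            throw new RuntimeException("Failed to set LDAP TLS option $option");
        }
    }

    $ldap = ldap_connect($uri);
    if ($ldap === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    return $ldap;
}

// Usage: php example.php ldaps://ldap.example.org client.crt client.key
if (PHP_SAPI === 'cli' && ($argc ?? 0) === 4) {
    $ldap = ldapConnectWithClientCert($argv[1], $argv[2], $argv[3]);
    // The TLS handshake (and certificate exchange) happens on the first operation.
    echo @ldap_bind($ldap) ? "bind ok\n" : "bind failed: " . ldap_error($ldap) . "\n";
}
```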
