Open Closed

ABP Commercial 5.3.0 - IDS Removal & LDAP Integration #3293


0
mrbrl created
  • ABP Framework version: v5.3.0 Commercial
  • UI type: Blazor
  • DB provider: EF Core
  • Tiered

We are heavily relying on the IDS and LDAP integration in ABP, one of the main reasons we picked the framework. We attempted to update to the last 5.3.0 version today and noticed the LDAP integration has substantially changed, likely in anticipation to remove IDS from the platform. We have a number of projects relying on both IDS and LDAP and the prospect of having it possibly removed from the platform means that we won't be may not be able to update to future ABP versions.

Could you please let us know :

  • What are the migration steps for LDAP in 5.3.x
  • Is LDAP Integration here to stay in future ABP versions?
  • Any plans to keep the IDS support option?
  • Any plans for Commercial IDS support?

Thanks!

announcement below: *'We have announced the plan of replacing the IdentityServer. ABP currently uses IdentityServer4 to add OAuth features as built-in on the server-side. However, since IdentityServer4's support ends at the end of the year 2022. Its replacement is Duende IdentityServer, which is not a free software anymore. (see more)

Therefore, we've decided to completely drop the IdentityServer4 from the ABP platform and implement the OpenIddict and install onto the startup templates.

We've implemented both open source and commercial OpenIddict modules, we plan to remove Identity Server and replace it with OpenIddict for template projects in ABP v6.0. Please check #12084 to see the development made on the open-source side.

We're creating the documentation for the OpenIddict Module, if you want to have general knowledge about this module, you can check the documentation from here. Currently, this is a draft documentation but it gives overall knowledge about the OpenIddict Module, we'll complete this documentation in ABP v6.0 and you'll be able to read it completely.

Currently, we are also working on Keycloak integration possibilities in parallel to the OpenIddict integration research and we've prepared some samples that you can examine. You can see #154 and #158.'*


5 Answer(s)
  • 0
    maliming created
    Support Team

    hi

    What are the migration steps for LDAP in 5.3.x Is LDAP Integration here to stay in future ABP versions?

    The LDAP feature moved to the Identity module after 5.3, It's just that the namespace has changed a bit. It is still available. https://docs.abp.io/en/commercial/latest/modules/identity/ldap

    If you get issues you can share your code and logs.

    Any plans to keep the IDS support option? Any plans for Commercial IDS support?

    I will ask the team about this.

  • 0
    mrbrl created

    Thanks - i did see the very informative thread about the migration after posting this. https://github.com/abpframework/abp/issues/11989 I understand that the platform should be able to plug any identity mechanism. that said - as IDS is already implemented albeit in a tightly coupled fashion that is slowly turning into a loose one, it may be sustainable to port the current IDS option to the new pluggable identity provider mechanism without breaking too much sweat, and leave the option to you grateful userbase to use it for their existing projects for instance - which would continue to benefit from ABP updates. New project may either use the soon to be the supported and free (for now) OpenIdDict - or IDS v4 (even after eos), or IDS 5+ (community or not), or minting custom providers (basic authentication :) )

  • 1
    hikalkan created
    Support Team

    Any plans to keep the IDS support option? Any plans for Commercial IDS support?

    We are not removing IDS packages and will continue to release new versions of IDS related Nuget/NPM packages. That means you won't have an issue while upgrading to v6.0 (when it is released). We will continue to fix bugs in our packages for a while. ABP 7.0 will be based on .NET 7. If IDS continue to work with .NET 7, we will continue to ship nuget packages for our IDS integration.

    BTW, IDS itself is canceling support for the open source IDS in the end of this year. They are moved to Duende IDS you know. We won't migrate to Duende IDS.

  • 0
    mrbrl created

    Thanks for your reply. I have read the thread and glad to know support for IDS 4x will continue even as it hits end of support, as long as .net 7+ does not break it.

    If Duende IDS 5+ integration is the same or very similar to that of IDS 4+, would it be a case to support the IDS5+ integration provided the road ahead is smooth and does not burn too much resources?

    I read the chat ABP had with Duende, and understand the incompatibility that is largely due to business model differences. With that, if the integration effort is more or less the same as keeping IDS4 alive, without tapping on new features that Duende has in stock and provided the API remains largely the same for the ABP use cases, then why not?

  • 0
    hikalkan created
    Support Team

    With that, if the integration effort is more or less the same as keeping IDS4 alive, without tapping on new features that Duende has in stock and provided the API remains largely the same for the ABP use cases, then why not?

    We were considering this scenario. If we provide an option to start a new solution with IDS installed, then it is a huge effort to support multiple auth server option. If we only upgrade packages to Duende IDS for existing customer projects, it also may not worth effort. We have time to make the final decision. It is mostly based on how many customers will want to continue with Duende IDS. We will see, but we can't promise unfortunately.