Re: Salsa as authentication provider for Debian
reminder: I'm replying linearly (in this case, at the end of a chain of
email) and from what I know (keycloak, SAML and OIDC).
On Tue, Apr 07, 2020 at 04:08:37PM +0200, Xavier wrote:
> Le 07/04/2020 à 16:02, Enrico Zini a écrit :
> > On Tue, Apr 07, 2020 at 03:28:07PM +0200, Xavier wrote:
> >
> >> With a SSO, I don't think it's a good thing to have a protected app as
> >> user database (even if it's possible). Then migration consists to
> >> extract gitlab accounts and push them in LDAP (2 branches, one for DD,
> >> one for guests)
> >
> > Ok, please help me to see where that would be an issue.
>
> It's not an issue. With a SSO we shall probably change this: salsa
> accounts will be created on-the-fly using federation mechanism, then
> there is only one user database (LDAP with 2 branches)
The Debian LDAP is atypical in a variety of ways, it's true.
Like LLNG, Keycloak use mappers to pull / transform as necessary.
--
Luca Filipozzi
Reply to: