[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Salsa as authentication provider for Debian

reminder: I'm replying linearly (in this case, at the end of a chain of
email) and from what I know (keycloak, SAML and OIDC).

On Tue, Apr 07, 2020 at 04:08:37PM +0200, Xavier wrote:
> Le 07/04/2020 à 16:02, Enrico Zini a écrit :
> > On Tue, Apr 07, 2020 at 03:28:07PM +0200, Xavier wrote:
> > 
> >> With a SSO, I don't think it's a good thing to have a protected app as
> >> user database (even if it's possible). Then migration consists to
> >> extract gitlab accounts and push them in LDAP (2 branches, one for DD,
> >> one for guests)
> > 
> > Ok, please help me to see where that would be an issue.
> 
> It's not an issue. With a SSO we shall probably change this: salsa
> accounts will be created on-the-fly using federation mechanism, then
> there is only one user database (LDAP with 2 branches)

The Debian LDAP is atypical in a variety of ways, it's true.

Like LLNG, Keycloak use mappers to pull / transform as necessary.

-- 
Luca Filipozzi
Reply to: