
Re: Sandstorm authentication

On 26/07/19 17:19, Laura Arjona Reina wrote:
> Sandstorm allows you to define an organization. You can automatically
> apply some settings to all members of your organization. Users within
> the organization will automatically be able to log in, install apps, and
> create grains.
> Organization membership
> [ ] Users authenticated via email address
> Domain: ____________
> Users with an email address at this domain will be members of this
> server's organization.
> [ ] Users authenticated via Google Apps for Work
> Domain: __________
> Users with a Google Apps for Work account under this domain will be
> members of this server's organization.
> [ ] Users authenticated via LDAP
> Note: disabled because LDAP login is not configured.
> [ ] Users authenticated via SAML
> Note: disabled because SAML login is not configured.
> From the above, I've just ticked the "[X] Users authenticated via email
> address" and added "debian.org" as domain.
> Can you try if it makes a difference in your experience of logging in?

That may well have solved my annoyance at time-restricted access tokens
(I have closed and reopened the browser and the site didn't ask me to log in again).
Obviously I should close the session and wait until tomorrow to confirm that
it still 'works' (and then close this 'ticket').

> and
> Would that be enough or would you need people with no @debian.org
> address to access too?

I suspect that this is enough for now.

> About LDAP, I guess Asheesh knows better about that than me (both in the
> Sandstorm and in the Debian side) so I didn't dare yet to go and try to
> configure the service in Sandstorm (and if it needs some setting in the
> machine, I have no permissions there, I just tweak the web interface),
> but for the case Asheesh cannot find the time to look at this, I will
> try to read the documentation and figure out what I can do (but not
> before debconf19 ends, probably...).

LDAP may well still be the better option (as opposed to a cookie from a
valid d.o email address).  What are your and Asheesh's views on the subject?

> Cheers

Many thanks for your help and fast response.

