Re: Single Sign On for Debian
Le mardi 22 août 2017, Luca Filipozzi <email@example.com> a écrit :
> On Mon, Aug 21, 2017 at 04:35:59PM -0700, Raoul Snyman wrote:
>> On 2017-08-21 5:48, Alexander Wirt wrote:
>> > > I second that: Using LDAP as a single source of truth. It's also
>> > > possible to store SSH keys etc. in LDAP.
>> > Then someone has to go ahead and develop a complete usermangement for
>> > sso.d.o. As it is we can't work with software that is maybe coming at
>> > some
>> > point. Therefore we will start with gitlabs own user management,
>> > combined
>> > with debians ldap.
>> > But if you do take in point the following things:
>> > - user self management (lost password, deletion)
>> > - key self management
>> > - api for user manipulation
>> > - oauth2 frontend (sso as oauth2 provider)
>> > - maybe saml frontend (sso as saml provider)
>> Has anyone looked at Keycloak? http://www.keycloak.org/
> I have and deployed it for others in production. Not an unreasonable
There is lemonldap-ng already packaged which provides saml, oauth, openid-connect, CAS, and more (both identity provider and service provider). It works with users in ldap but doesn't have a user management interface.
We use it at work and it integrates nicely with all kind of webapp (including gitlab, via oauth).