Re: Single Sign On for Debian

To: Luca Filipozzi <lfilipoz@debian.org>
Cc: "debian-devel@lists.debian.org" <debian-devel@lists.debian.org>
Subject: Re: Single Sign On for Debian
From: Mathieu Parent <math.parent@gmail.com>
Date: Tue, 22 Aug 2017 09:03:50 +0200
Message-id: <[🔎] CAFX5sbz8=TGP-N5P-2dZoQ=tB9HnxLcNrVe0vU5=XDbhabO1pQ@mail.gmail.com>
In-reply-to: <[🔎] 20170822062214.7zdekw4cqrhjsgoq@snafu.emyr.net>
References: <[🔎] 20170820161607.GP21385@gpm.stappers.nl> <[🔎] 20170820162805.3xetwdavwcwfpuau@snafu.emyr.net> <[🔎] 20170821091805.jchs7453onrmb7u4@enricozini.org> <[🔎] 20170821121951.GH2920@riseup.net> <[🔎] 20170821124849.sns7yoijxstvs7rf@smithers.snow-crash.org> <[🔎] d595d9c493c8c527e6a1661e32d2c593@snyman.info> <[🔎] 20170822062214.7zdekw4cqrhjsgoq@snafu.emyr.net>

Hello,

Le mardi 22 août 2017, Luca Filipozzi <lfilipoz@debian.org> a écrit :
> On Mon, Aug 21, 2017 at 04:35:59PM -0700, Raoul Snyman wrote:
>> On 2017-08-21 5:48, Alexander Wirt wrote:
>> > > I second that: Using LDAP as a single source of truth. It's also
>> > > possible to store SSH keys etc. in LDAP.
>> > Then someone has to go ahead and develop a complete usermangement for
>> > sso.d.o. As it is we can't work with software that is maybe coming at
>> > some
>> > point. Therefore we will start with gitlabs own user management,
>> > combined
>> > with debians ldap.
>> >
>> > But if you do take in point the following things:
>> >
>> > - user self management (lost password, deletion)
>> > - key self management
>> > - api for user manipulation
>> > - oauth2 frontend (sso as oauth2 provider)
>> > - maybe saml frontend (sso as saml provider)
>>
>> Has anyone looked at Keycloak? http://www.keycloak.org/
>
> I have and deployed it for others in production. Not an unreasonable
> option.

There is lemonldap-ng already packaged which provides saml, oauth, openid-connect, CAS, and more (both identity provider and service provider). It works with users in ldap but doesn't have a user management interface.

We use it at work and it integrates nicely with all kind of webapp (including gitlab, via oauth).

Regards

Mathieu Parent

--
Mathieu

Reply to:

Follow-Ups:
- Re: Single Sign On for Debian
  - From: Alexander Wirt <formorer@debian.org>

References:
- Single Sign On for Debian
  - From: Geert Stappers <stappers@stappers.nl>
- Re: Single Sign On for Debian
  - From: Luca Filipozzi <lfilipoz@debian.org>
- Re: Single Sign On for Debian
  - From: Enrico Zini <enrico@enricozini.org>
- Re: Single Sign On for Debian
  - From: Georg Faerber <georg@riseup.net>
- Re: Single Sign On for Debian
  - From: Alexander Wirt <formorer@debian.org>
- Re: Single Sign On for Debian
  - From: Raoul Snyman <raoul@snyman.info>
- Re: Single Sign On for Debian
  - From: Luca Filipozzi <lfilipoz@debian.org>

Prev by Date: Re: Project and User creation is now disabled on alioth.d.o
Next by Date: Re: Single Sign On for Debian
Previous by thread: Re: Single Sign On for Debian
Next by thread: Re: Single Sign On for Debian
Index(es):
- Date
- Thread