On Fri, 23 Feb 2018, Enrico Zini wrote: > On Sun, Feb 11, 2018 at 10:08:31PM +0800, Boyuan Yang wrote: > > > From a user (non-DD)'s perspective, current best plan should be the integration > > with Salsa GitLab user database. Works on such implementation are surely needed > > though. > > Well yes, work is needed, that much has always been clear. > > At SnowCamp[1] I gave it a try with the help of aurel32. > > Integrating sso.debian.org with $THING is simple as long as apache can > authenticate against $THING. sso.debian.org's codebase just trusts > apache's REMOTE_USER variable, and actual authentication is done at > apache level. This means that the sso.debian.org codebase does not need > to have access to ldap and other authentication backends. > > We tried deploying libapache2-mod-auth-openidc to authenticate against > gitlab, but that ended up in submitting https://bugs.debian.org/891224 > > Are there other ways in stretch of getting apache to authenticate > against gitlab? I would wait for the gsoc project. And on the alioth sprint, several people decided against using salsa as backend for sso, but the other way round. So please don't. Alex
Attachment:
signature.asc
Description: PGP signature