On Tue, Apr 07, 2020 at 12:20:40PM +0200, Xavier wrote: > Resume of proposition: > * all users managed by SSO; self-registration authorized with "-guest" > in a distinct LDAP branch > * GitLab becomes a slave of SSO using SAML (or OIDC) > * other applications are protected by handlers/GateKeepers. If LLNG is > chosen, just to add few lines in Nginx configuration > * new applications can be protected using handlers, SAML, CAS, OIDC,... > > <as usual, sorry for my poor English> I greatly appreciate yours and Luca's and Michael's proposals, and offers of help. I would like to avoid stalling progress on sso on things like analysis paralysis, or like sorting out deployment details, as happened in the last years. I'll ask you the same question I asked Luca: is there something in the Salsa proposal that would prevent further experimentation with LLNG and eventually possibly integrating it into the ecosystem, or migrating to it? If not, then we could start with that, which requires no deployment of new software, and on which we can make progress immediately, and buy time for everyone to work out the perfect solution, meanwhile moving on from an unsustainable status quo. As a side effect of an interim on Salsa, services can begin to migrate from client certificates to OIDC, switching to a mode widely used, usable, and flexible standard, which I wouldn't be surprised if it would make things easier when moving to something else later on. Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
Attachment:
signature.asc
Description: PGP signature