
Re: Salsa as authentication provider for Debian



>>>>> "Russ" == Russ Allbery <rra@debian.org> writes:

    Russ> Luca Filipozzi <lfilipoz@debian.org> writes:
    >> On Fri, Apr 10, 2020 at 11:48:22AM -0400, Sam Hartman wrote:

    >>> * Note that if you want to you can host accounts in gitlab and
    >>> have keycloak act as an OIDC consumer for gitlab.  So, if you
    >>> decide you like Gitlab as an IDP but find you need Keycloak's
    >>> transformations, you can have people log in to Keycloak using
    >>> their Gitlab accounts.

    >> I reiterate my point that an SP being an IdP. I don't view using
    >> Debian's Gitlab as an IdP to be a prudent move.

    Russ> I don't understand this objection.  The relying party and the
    Russ> identity provider are certainly different components with
    Russ> different functions, but that doesn't imply that they can't be
    Russ> combined in the same software suite.  There's quite a lot of
    Russ> shared code between an SP and an IdP, so in some sense that's
    Russ> easier than maintaining them as entirely separate projects.

I echo Russ's thoughts exactly.
Russ and I both have a long history in the SSO world, and I think that
if two people who have history say "we don't see the objection," it's
a good idea to explore your objection in significantly more detail than
simply asserting it.

--Sam

