On Sun, May 17, 2015 at 09:17:02AM +0100, Neil Williams wrote:

> https://lists.debian.org/debian-services-admin/2013/11/msg00000.html
> Is there any news on how to do this?

A year ago I sent these notes to debian-admin, with the intention of documenting the SSO setup and hoping that they would end up somewhere, but it seems that I am the only person working on SSO at all.

Here are the notes. Some of those points involve admin involvement, so that's why I was hoping for them to document them. Anyway, admin involvement can be invoked by opening RT tickets:

  initial notes on how to add a new site to sso.debian.org:

   1. Let debsso know about it, then deploy it:
      http://anonscm.debian.org/gitweb/?p=debian-sso/debian-sso.git;a=commitdiff;h=0b5bceae31f335d6d400a8d6be36939dd984468e
   2. Configure apache, see nono:/srv/contributors.debian.org/etc/apache.conf
      as a simple starting point.
   3. Configure dacs, see nono:/srv/contributors.debian.org/etc/dacs/
      as a simple starting point.
   4. Run the modified ./test-sso from the debsso sources to check if
      things look ok.

  More details may show up during the following days as Raphael tries to
  set up tracker.debian.org

No more details showed up at the time: I was kind of hoping that buxy would document his side of the experience.

> I'd like to investigate using Debian SSO for a wsgi/django app.

That'd be at least known territory, since nm.debian.org and contributors.debian.org at least are django apps deployed via wsgi and using DACS.

> Is it easier / possible to use Debian LDAP for authentication directly
> instead? (The app already has LDAP support, would just need a bind &
> bind password).

No, that would not be possible, as it would give to those DDs who manage the webapp access to the cleartext passwords of everyone logging into the site.

My long term plan is to switch from DACS to oauth2; we already have an (unmaintained) oauth2 provider set up to support the DebConf site, and we're planning an oauth2 sprint at DebCamp/DebConf[1].

Depending on your planned time frames, you can deploy soon with DACS, or if you intend to deploy after DebConf, you can show up at the oauth2 sprint and see where it goes.

[1] https://lists.debian.org/debian-devel/2015/03/msg00175.html

Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>