1. Prologin
  2. infra
  3. sadm
  4. Issues
Issue #2 open

Single Sign On

Pierre Bourdon
created an issue

Maybe use Kerberos/LDAP for that?

  • ✔ openresty package with extra lua libs needed for sso
  • presencesync_cacheserver
  • ✔ docs
  • ✔ real-life testing
  • ✗ SSO on IRC (cc Marin Hannache)
  • ✗ SSO on dj_ango (see #78)
  • ✗ SSO on paste

Comments (16)

  1. Rémi Audebert
    • removed assignee

    IP based authentication for django apps may be interesting:

    • User goes to http://app/
    • Django app does DNS reverse lookup to get hostname of the request originator
    • Django app looks into udb to get the user logged into this hostname
    • Django app authenticates this user
  2. Pierre Bourdon reporter

    FYI, you might want to investigate SSO solutions that require minimal application modifications so that you could get it to somewhat work with non-Django apps (if you limit to Django apps, having nice SSO is easy, I'm sure there are already premade apps for that).

    For example, you could use openresty as the reverse proxy for web apps (nginx + lua, basically) and implement the SSO layer in there. That would allow you to pass a trusted X-User-Login header to applications and use that directly for auth.

    In any case, limiting to Django apps really narrows the scope, and I'm not sure if we want this (what about Redmine or wiki for example?)

  3. Log in to comment