Single Sign On

Comments (16)

1. 

   Antoine Pietri

   We're going to try web SSO using SSL client certs saved in UDB.

   • 2013-07-23T12:47:52+00:00
2. 

   Rémi Audebert

   • marked as minor

   Kerberos/LDAP is maybe not the best if we want to keep prologin-sadm simple and stupid.

   • 2015-02-08T21:13:53+00:00
3. 

   Rémi Audebert

   • removed responsible

   IP based authentication for django apps may be interesting:

   • User goes to http://app/
   • Django app does DNS reverse lookup to get hostname of the request originator
   • Django app looks into udb to get the user logged into this hostname
   • Django app authenticates this user

   • 2015-04-02T12:31:47+00:00
4. 

   Pierre Bourdon reporter

   FYI, you might want to investigate SSO solutions that require minimal application modifications so that you could get it to somewhat work with non-Django apps (if you limit to Django apps, having nice SSO is easy, I'm sure there are already premade apps for that).

   For example, you could use openresty as the reverse proxy for web apps (nginx + lua, basically) and implement the SSO layer in there. That would allow you to pass a trusted X-User-Login header to applications and use that directly for auth.

   In any case, limiting to Django apps really narrows the scope, and I'm not sure if we want this (what about Redmine or wiki for example?)

   • 2015-04-02T12:50:45+00:00
5. 

   Pierre Bourdon reporter

   As an example, googling for "openresty sso" gives me interesting results like https://github.com/Kloadut/SSOwat

   • 2015-04-02T12:51:45+00:00
6. 

   Alexandre Macabies

   • assigned issue to
     
     Alexandre Macabies

   Started in 115533e. Needs a better cache in a standalone presencesync client.

   • 2015-04-11T13:09:31+00:00
7. 

   Alexandre Macabies

   b494dc9 simplifies the lua scripts by putting lua libs into openresty. Stills need the presencesync cache, it's coming next.

   • 2015-04-11T19:07:10+00:00
8. 

   Alexandre Macabies

   presencesync cache done, needs to update docs on installing & enabling it. Also, bug: the sso/ folder is not installed in /etc/nginx by any install.py target!

   • 2015-04-18T18:11:51+00:00
9. 

   Alexandre Macabies

   • edited description

   • 2015-04-18T18:13:47+00:00
10. 

    Alexandre Macabies

    Some nginx & django stuff in pull request #8.

    • 2015-04-18T21:52:24+00:00
11. 

    Alexandre Macabies

    Mostly done now pull request #8 is merged. Will check the paste service before closing that.

    • 2015-04-25T12:39:10+00:00
12. 

    Alexandre Macabies

    • changed status to on hold

    Waiting for paste to be updated.

    • 2015-04-30T07:23:34+00:00
13. 

    Alexandre Macabies

    • changed status to open

    • 2015-04-30T07:24:27+00:00
14. 

    Alexandre Macabies

    • edited description

    • 2015-04-30T07:25:03+00:00
15. 

    Alexandre Macabies

    • marked as enhancement
    • removed responsible
    • edited description

    @mareo started hacking around UnrealIRCd to add SSO support (auto oper/voice/channel protecion). Needs to be polished & fully integrated into setup (aka documented).

    • 2016-05-16T08:31:57+00:00
16. 

    Alexandre Macabies

    • edited description

    • 2016-05-16T08:55:23+00:00
17. Log in to comment