Single Sign On

Issue #2 open
Pierre Bourdon created an issue

Maybe use Kerberos/LDAP for that?

  • ✔ openresty package with extra lua libs needed for sso
  • presencesync_cacheserver
  • ✔ docs
  • ✔ real-life testing
  • ✗ SSO on IRC (cc @mareo)
  • ✗ SSO on dj_ango (see #78)
  • ✗ SSO on paste

Comments (16)

  1. Rémi Audebert
    • removed responsible

    IP based authentication for django apps may be interesting:

    • User goes to http://app/
    • Django app does DNS reverse lookup to get hostname of the request originator
    • Django app looks into udb to get the user logged into this hostname
    • Django app authenticates this user
  2. Pierre Bourdon reporter

    FYI, you might want to investigate SSO solutions that require minimal application modifications so that you could get it to somewhat work with non-Django apps (if you limit to Django apps, having nice SSO is easy, I'm sure there are already premade apps for that).

    For example, you could use openresty as the reverse proxy for web apps (nginx + lua, basically) and implement the SSO layer in there. That would allow you to pass a trusted X-User-Login header to applications and use that directly for auth.

    In any case, limiting to Django apps really narrows the scope, and I'm not sure if we want this (what about Redmine or wiki for example?)

  3. Alexandre Macabies

    b494dc9 simplifies the lua scripts by putting lua libs into openresty. Stills need the presencesync cache, it's coming next.

  4. Alexandre Macabies

    presencesync cache done, needs to update docs on installing & enabling it. Also, bug: the sso/ folder is not installed in /etc/nginx by any install.py target!

  5. Alexandre Macabies
    • marked as enhancement
    • removed responsible
    • edited description

    @mareo started hacking around UnrealIRCd to add SSO support (auto oper/voice/channel protecion). Needs to be polished & fully integrated into setup (aka documented).

  6. Log in to comment