[CentOS-devel] Plans for SSO across centos.org subdomains?
Karanbir Singh
mail-lists at karan.org
Tue Aug 16 09:49:15 UTC 2016
On 16/08/16 10:30, Fabian Arrotin wrote:
> For existing resources within centos.org that we deployed before ACO was
> available, those were configured to use their built-in users DB. So we
> can invest time to see which are the possibilities to be tied to ACO but
> it needs at least some glue, like for example token/oauth. Actually, ACO
> on its own can't do that (nor is "ldap" compatible) so we need to setup
> something in between (like what's done for the Fedora project) to do
> that, like either ipsilon (https://ipsilon-project.org/) or keycloak
> (http://www.keycloak.org/)
prolly worth looking at keycloak once
> But the remaining issue would then be to have *everybody* signing
> through ACO to get an account that will match with each deployed
> applications (like MantisBT for bugs.centos.org and so on). So you can
> imagine the impact
Would we not be able to rehash the user accounts from bugs.centos.org
over to a.c.o ? and send them all a reminder to set a new password ?
--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc
More information about the CentOS-devel
mailing list