[CentOS-devel] Plans for SSO across centos.org subdomains?

Patrick Uiterwijk

puiterwijk at redhat.com
Tue Aug 16 10:33:51 UTC 2016

On Tue, Aug 16, 2016 at 9:49 AM, Karanbir Singh <mail-lists at karan.org> wrote:
> On 16/08/16 10:30, Fabian Arrotin wrote:
>> For existing resources within centos.org that we deployed before ACO was
>> available, those were configured to use their built-in users DB. So we
>> can invest time to see which are the possibilities to be tied to ACO but
>> it needs at least some glue, like for example token/oauth. Actually, ACO
>> on its own can't do that (nor is "ldap" compatible) so we need to setup
>> something in between (like what's done for the Fedora project) to do
>> that, like either ipsilon (https://ipsilon-project.org/) or keycloak
>> (http://www.keycloak.org/)
> prolly worth looking at keycloak once

Is there any reason why you're only mentioning Keycloak here?
Are there any features Ipsilon is missing that would rule it out for
you, or is there
some other reason?

Ipsilon would probably be a better choice for now given your account backend,
as Fabian already pointed out.

>> But the remaining issue would then be to have *everybody* signing
>> through ACO to get an account that will match with each deployed
>> applications (like MantisBT for bugs.centos.org and so on). So you can
>> imagine the impact
> Would we not be able to rehash the user accounts from bugs.centos.org
> over to a.c.o ? and send them all a reminder to set a new password ?
> --
> Karanbir Singh
> +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
> GnuPG Key : http://www.karan.org/publickey.asc
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> https://lists.centos.org/mailman/listinfo/centos-devel

More information about the CentOS-devel mailing list