[CentOS-devel] Plans for SSO across centos.org subdomains?

Tue Aug 16 09:49:15 UTC 2016
Karanbir Singh <mail-lists at karan.org>

On 16/08/16 10:30, Fabian Arrotin wrote:
> For existing resources within centos.org that we deployed before ACO was
> available, those were configured to use their built-in users DB. So we
> can invest time to see which are the possibilities to be tied to ACO but
> it needs at least some glue, like for example token/oauth. Actually, ACO
> on its own can't do that (nor is "ldap" compatible) so we need to setup
> something in between (like what's done for the Fedora project) to do
> that, like either ipsilon (https://ipsilon-project.org/) or keycloak
> (http://www.keycloak.org/)

prolly worth looking at keycloak once

> But the remaining issue would then be to have *everybody* signing
> through ACO to get an account that will match with each deployed
> applications (like MantisBT for bugs.centos.org and so on). So you can
> imagine the impact

Would we not be able to rehash the user accounts from bugs.centos.org
over to a.c.o ? and send them all a reminder to set a new password ?

-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc