[CentOS-devel] Plans for SSO across centos.org subdomains?

Tue Aug 16 16:31:28 UTC 2016
Karanbir Singh <mail-lists at karan.org>

On 16/08/16 11:33, Patrick Uiterwijk wrote:
> On Tue, Aug 16, 2016 at 9:49 AM, Karanbir Singh <mail-lists at karan.org> wrote:
>> On 16/08/16 10:30, Fabian Arrotin wrote:
>>> For existing resources within centos.org that we deployed before ACO was
>>> available, those were configured to use their built-in users DB. So we
>>> can invest time to see which are the possibilities to be tied to ACO but
>>> it needs at least some glue, like for example token/oauth. Actually, ACO
>>> on its own can't do that (nor is "ldap" compatible) so we need to setup
>>> something in between (like what's done for the Fedora project) to do
>>> that, like either ipsilon (https://ipsilon-project.org/) or keycloak
>>> (http://www.keycloak.org/)
>>
>> prolly worth looking at keycloak once
> 
> Is there any reason why you're only mentioning Keycloak here?
> Are there any features Ipsilon is missing that would rule it out for
> you, or is there
> some other reason?

mostly since its something I haveto work with in a different scope - but
the fact that it does not work with the accounts backend we have at the
moment is a bit of a blocker :)

> Ipsilon would probably be a better choice for now given your account backend,
> as Fabian already pointed out.

sounds good, can we get some sort of a scope done here ?



-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc