Re: Single Sign On for Debian
- Date: Tue, 22 Aug 2017 18:10:39 +0200
- From: Geert Stappers <stappers@xxxxxxxxxxx>
- Subject: Re: Single Sign On for Debian
On Tue, Aug 22, 2017 at 04:29:49PM +0200, gregor herrmann wrote:
> On Tue, 22 Aug 2017 09:45:10 +0200, Alexander Wirt wrote:
> > > There is lemonldap-ng already packaged which provides saml, oauth,
> > > openid-connect, CAS, and more (both identity provider and service
> > > provider). It works with users in ldap but doesn't have a user management
> > > interface.
> > >
> > > We use it at work and it integrates nicely with all kind of webapp
> > > (including gitlab, via oauth).
> > I haven't looked into it. Can lemonldap-ng have multiple backends at the same
> > time?
> > Specifially one LDAP (db.d.o.) Backend and one Oauth2 (gitlab) Backend?
> I haven't used lemonldap-ng but I'd like to add that it's maintained
> in Debian by Xavier Guimard (within the Debian Perl Group) who's also
> part of upstream. I'm sure he's happy to help by answering questions
> and maybe also setup or changes etc. (CC'd).
URL for clicking https://lemonldap-ng.org/welcome/
On Tue, Aug 22, 2017 at 09:30:50AM +0200, Philipp Hug wrote:
> On Aug 22, 2017 8:23 AM, "Luca Filipozzi" <lfilipoz@xxxxxxxxxx> wrote:
> > Has anyone looked at Keycloak? http://www.keycloak.org/
> I have and deployed it for others in production. Not an unreasonable
> I'm running it in production as well. If you need some help to
> evaluate/configure it, just ping me.
What I learned from the Alioth Sprint last weekend
is that DSA previously handed-out a new (test) machine easily.
New policy is handing-out machines for the stage after early tests.
Thing that I hope is that Alioth successors will have the various services
on separate machines. So that we have not again the situation when replacing
a Source Code Management system we also have to replace the machine
with all the -guest accounts.
Don't count on me for that. New tasks I volunteert for during
the Alioth replacement sprint are listmaster and http://gitea.debian.net
maintenance. So most likely nothing new: We all agree that someone else
should do it. And we all respect those who actually do.
Leven en laten leven