Web lists-archives.com

Re: Single Sign On for Debian




Le 25/08/2017 à 16:48, Luca Filipozzi a écrit :
> On Fri, Aug 25, 2017 at 10:39:14AM +0200, Clément OUDOT wrote:
>> 2017-08-25 6:59 GMT+02:00 Luca Filipozzi <lfilipoz@xxxxxxxxxx>:
>>> On Wed, Aug 23, 2017 at 09:05:32AM +0200, Xavier wrote:
>>>> Le 23/08/2017 à 08:46, Alexander Wirt a écrit :
>>>>> On Wed, 23 Aug 2017, Philip Hands wrote:
>>>>>
>>>>>> Michael Lustfield <michael@xxxxxxxxxxxxx> writes:
>>>>>>
>>>>>> ...
>>>>>>> Using Gitlab (or any VCS) as the user db for guest accounts means adding a
>>>>>>> dependency that could block future upgrades... kinda like now. This is not a
>>>>>>> future-proof design and will come at a future cost.
>>>>>>
>>>>>> I suspect that Alexander's intent was just to avoid blocking the gitlab
>>>>>> setup on having some SSO solution in place.
>>>>>>
>>>>>> If lemonldap-ng can make use of gitlab's guest data initially, then that
>>>>>> lets the two things be setup independently.
>>>>>>
>>>>>> Once lemonldap-ng is shown to do the job, I doubt it will be a big task
>>>>>> to transfer authority for the guest data into lemonldap-ng's control,
>>>>>> and then have gitlab use lemonldap-ng as it's source of that data.
>>>>> I dont' think Lemonldap-ng does usermanagement on its own.
>>>>> It is a replacement for sso.d.o which allows to have more backends and
>>>>> provides more frontends (like saml, oauth2 and so on)
>>>>>
>>>>> Alex
>>>>
>>>> You're right, LLNG doesn't provide usermanagement. Many user's use
>>>> https://lsc-project.org to populate a LDAP directory from any source.
>>>> Clément Oudot (leader of LLNG community) is also leader of LSC-Project.
>>>> You can ping him if you have any question on this
>>>
>>> LDAP sync isn't what is meant by 'user management'. Rather, it's a
>>> combination of self-empowerment (create account, manage profile, reset
>>> password) and delegation administration (role creation and assignment,
>>> etc.). Keycloak offers some of this functionality. Whatsay I stand up a
>>> demo and we can kick some tires?
>>
>> Keycloack might be a good solution. I suggest you also test
>> FusionDirectory which I often use with LemonLDAP::NG to provide a full
>> identity management solution : https://www.fusiondirectory.org/
> 
> I'll have a look and consider standing it up adjacent to keycloak so we
> can kick the tires of both.
> 
>> I made a presentation about some free softwares products that can be
>> used together for identity management :
>> https://www.slideshare.net/coudot/rmll2017-des-logiciels-libres-pour-la-gestion-des-identits.
>> Sadly it's in french but you have all product names, screenshots and
>> links to websites.
> 
> Merci.
> 
>> For information there will be a lot of presentation on this topic at
>> the next LDAPCon (https://ldapcon.org/2017/). Maybe some people from
>> Debian community can join us at this event.
> 
> I can't but maybe other DSA members can. I mention DSA in particular
> because I personally view the management of LDAP and Identity Provider
> Solutions as fairly core duties of DSA. I have to build consensus with
> my colleagues (so start with a public email, Luca, that's a good idea)
> but the demo is as much for them as for anyone else. (hi guys)

hello,

as the organisator of LDAPcon 2017, we can also make special prices for
Debian DSA guys if they want to come as we are heavy debian users here.

Cheers
-- 
Benoit Mortier
CEO
OpenSides "logiciels libres pour entreprises" : http://www.opensides.eu/
Promouvoir et défendre le Logiciel Libre http://www.april.org/
Main developper in FusionDirectory : http://www.fusiondirectory.org/
Official French representative for OPSI : http://opsi.org/

Attachment: signature.asc
Description: OpenPGP digital signature