Web lists-archives.com

Re: Raising the problem of Debian Single Sign On + Alioth (again)




On Sun, Feb 11, 2018 at 10:08:31PM +0800, Boyuan Yang wrote:

> From a user (non-DD)'s perspective, current best plan should be the integration
> with Salsa GitLab user database. Works on such implementation are surely needed
> though.

Well yes, work is needed, that much has always been clear.

At SnowCamp[1] I gave it a try with the help of aurel32.

Integrating sso.debian.org with $THING is simple as long as apache can
authenticate against $THING. sso.debian.org's codebase just trusts
apache's REMOTE_USER variable, and actual authentication is done at
apache level. This means that the sso.debian.org codebase does not need
to have access to ldap and other authentication backends.

We tried deploying libapache2-mod-auth-openidc to authenticate against
gitlab, but that ended up in submitting https://bugs.debian.org/891224

Are there other ways in stretch of getting apache to authenticate
against gitlab?


Enrico

[1] https://wiki.debian.org/DebianEvents/it/2018/SnowCamp
-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@xxxxxxxxxxxxxx>

Attachment: signature.asc
Description: PGP signature