On Sun, Feb 11, 2018 at 10:08:31PM +0800, Boyuan Yang wrote: > From a user (non-DD)'s perspective, current best plan should be the > integration > with Salsa GitLab user database. Works on such implementation are surely > needed > though.
Well yes, work is needed, that much has always been clear. At SnowCamp I gave it a try with the help of aurel32. Integrating sso.debian.org with $THING is simple as long as apache can authenticate against $THING. sso.debian.org's codebase just trusts apache's REMOTE_USER variable, and actual authentication is done at apache level. This means that the sso.debian.org codebase does not need to have access to ldap and other authentication backends. We tried deploying libapache2-mod-auth-openidc to authenticate against gitlab, but that ended up in submitting https://bugs.debian.org/891224 Are there other ways in stretch of getting apache to authenticate against gitlab? Enrico  https://wiki.debian.org/DebianEvents/it/2018/SnowCamp -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enr...@enricozini.org>
Description: PGP signature