On Fri, 23 Feb 2018, Enrico Zini wrote: > On Sun, Feb 11, 2018 at 10:08:31PM +0800, Boyuan Yang wrote: > > > From a user (non-DD)'s perspective, current best plan should be the > > integration > > with Salsa GitLab user database. Works on such implementation are surely > > needed > > though. > > Well yes, work is needed, that much has always been clear. > > At SnowCamp I gave it a try with the help of aurel32. > > Integrating sso.debian.org with $THING is simple as long as apache can > authenticate against $THING. sso.debian.org's codebase just trusts > apache's REMOTE_USER variable, and actual authentication is done at > apache level. This means that the sso.debian.org codebase does not need > to have access to ldap and other authentication backends. > > We tried deploying libapache2-mod-auth-openidc to authenticate against > gitlab, but that ended up in submitting https://bugs.debian.org/891224 > > Are there other ways in stretch of getting apache to authenticate > against gitlab? I would wait for the gsoc project. And on the alioth sprint, several people decided against using salsa as backend for sso, but the other way round. So please don't.
Description: PGP signature