I have chosen a different approach. I have written three things:

* an app, which is doing the authentication and logs the user in.
* an Apache access handler, which is using my app

My IDP is Keycloak. There will be several issues, which you will face with the Allura architecture, which I remember:

* Password still needs to be checked for some operations
    * For example, when claiming an E-Mail address, you need to enter the password
* The usernames coming through the Apache access handler need to be mapped. In my case, the username on the IDP is an E-Mail address, and you don't want to see those in your SVN commits. ;)
* On new registrations, you will need to add a page to let the user choose a free username. But in this state, you have a validated E-Mail address from the IDP, but you have no valid session in Allura, as the user is not logged in yet

---

**[tickets:#8275] Proxy server configuration for Single Sign-On**

**Status:** open
**Milestone:** unreleased
**Created:** Thu Apr 04, 2019 05:36 PM UTC by Vrinda
**Last Updated:** Thu Apr 04, 2019 05:36 PM UTC
**Owner:** nobody

Hello,

I am looking at setting up a proxy server in front of Allura's gunicorn to enable single sign-on. Could you please help me with a few things:

1. To support 'https' protocol, how do I install SSL certificate for gunicorn?
2. Is there any other configuration I need to do in the application to support https?
3. How can I configure Allura to accept requests only from the proxy server?