On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote:
> Thanks Martin, I found a few notes on FreeIPA and GADS but most were people
> saying not to do it on principal but nothing saying if it's possible or not.
> I like the SAML option, including the mysterious ipsilon (Is there anything
> more than the git repo yet?), but wonder how much control it has.
At the moment no control at all.
> Does it just allow them to SSO using their LDAP credentials?
> If I disable a user in LDAP does it only recognize that only during login
> or is it smart enough to kill their Google Apps sessions and make them
> login again?
At the moment no, in future, perhaps we can develop a plugin that will
call a SSO logout to the remote applications the user logged into, but
this will require the server to be more stateful. This feature is not
available in the current code.
Freeipa-users mailing list