On 04/25/2014 08:39 AM, Simo Sorce wrote:
On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote:
Thanks Martin, I found a few notes on FreeIPA and GADS but most were people
saying not to do it on principal but nothing saying if it's possible or not.
I like the SAML option, including the mysterious ipsilon (Is there anything
more than the git repo yet?), but wonder how much control it has.
At the moment no control at all.
Does it just allow them to SSO using their LDAP credentials?
Yes.
If I disable a user in LDAP does it only recognize that only during login
or is it smart enough to kill their Google Apps sessions and make them
login again?
At the moment no, in future, perhaps we can develop a plugin that will
call a SSO logout to the remote applications the user logged into, but
this will require the server to be more stateful. This feature is not
available in the current code.
Simo.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Simo, how much Ipsilon is ready for a POC like this?
I understand it is probably somewhere between alpha and beta quality but
it might be a good exercise to try to set it up for a real use case.
What do you think?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
