On Fri, 2014-04-25 at 09:29 -0400, Dmitri Pal wrote: > On 04/25/2014 08:39 AM, Simo Sorce wrote: > > On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote: > >> Thanks Martin, I found a few notes on FreeIPA and GADS but most were people > >> saying not to do it on principal but nothing saying if it's possible or > >> not. > >> > >> I like the SAML option, including the mysterious ipsilon (Is there anything > >> more than the git repo yet?), but wonder how much control it has. > > At the moment no control at all. > > > >> Does it just allow them to SSO using their LDAP credentials? > > Yes. > > > >> If I disable a user in LDAP does it only recognize that only during login > >> or is it smart enough to kill their Google Apps sessions and make them > >> login again? > > At the moment no, in future, perhaps we can develop a plugin that will > > call a SSO logout to the remote applications the user logged into, but > > this will require the server to be more stateful. This feature is not > > available in the current code. > > > > Simo. > > > > > > _______________________________________________ > > Freeipa-users mailing list > > Freeipaemail@example.com > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > Simo, how much Ipsilon is ready for a POC like this? > I understand it is probably somewhere between alpha and beta quality but > it might be a good exercise to try to set it up for a real use case. > What do you think?
It can be tried, but I need to write some documentation on how to set it up first :-) Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users