On Sun, 2014-05-18 at 20:40 -0500, Chris Whittle wrote: > Anything new on ipsilon?
I released 0.2.3: https://fedorahosted.org/ipsilon/ It is still a bit rough on the edges, but can be used. Simo. > On Fri, Apr 25, 2014 at 9:18 AM, Simo Sorce <s...@redhat.com> wrote: > > > On Fri, 2014-04-25 at 10:00 -0400, Dmitri Pal wrote: > > > On 04/25/2014 09:51 AM, Simo Sorce wrote: > > > > On Fri, 2014-04-25 at 09:29 -0400, Dmitri Pal wrote: > > > >> On 04/25/2014 08:39 AM, Simo Sorce wrote: > > > >>> On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote: > > > >>>> Thanks Martin, I found a few notes on FreeIPA and GADS but most > > were people > > > >>>> saying not to do it on principal but nothing saying if it's > > possible or not. > > > >>>> > > > >>>> I like the SAML option, including the mysterious ipsilon (Is there > > anything > > > >>>> more than the git repo yet?), but wonder how much control it has. > > > >>> At the moment no control at all. > > > >>> > > > >>>> Does it just allow them to SSO using their LDAP credentials? > > > >>> Yes. > > > >>> > > > >>>> If I disable a user in LDAP does it only recognize that only during > > login > > > >>>> or is it smart enough to kill their Google Apps sessions and make > > them > > > >>>> login again? > > > >>> At the moment no, in future, perhaps we can develop a plugin that > > will > > > >>> call a SSO logout to the remote applications the user logged into, > > but > > > >>> this will require the server to be more stateful. This feature is not > > > >>> available in the current code. > > > >>> > > > >>> Simo. > > > >>> > > > >>> > > > >>> _______________________________________________ > > > >>> Freeipa-users mailing list > > > >>> Freeipa-users@redhat.com > > > >>> https://www.redhat.com/mailman/listinfo/freeipa-users > > > >> > > > >> Simo, how much Ipsilon is ready for a POC like this? > > > >> I understand it is probably somewhere between alpha and beta quality > > but > > > >> it might be a good exercise to try to set it up for a real use case. > > > >> What do you think? > > > > It can be tried, but I need to write some documentation on how to set > > it > > > > up first :-) > > > > > > > > Simo. > > > > > > > Hint-hint, nudge-nudge :-) > > > > I know, I know. > > I got done with lasso and mod_auth_mellon patches, now I can go back to > > Ipsilon. > > > > If Jan gives me the go, I will cut a first release and start writing > > instruction, file for Fedora packages and all that > > > > Simo. > > > > > > -- > > Simo Sorce * Red Hat, Inc * New York > > > > _______________________________________________ > > Freeipa-users mailing list > > Freeipa-users@redhat.com > > https://www.redhat.com/mailman/listinfo/freeipa-users > > -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users