Opened 9 years ago

Last modified 12 months ago

#1690 reopened task

Enable single sign-on for Trac instances

Reported by: strk Owned by: strk
Priority: normal Milestone:
Component: SysAdmin/Trac Keywords: openid, auth
Cc:

Description

I think we could obtain single-signon among trac instances by setting auth_cookie_path to a shared path, rather than keeping the current per-instance value.

I'm ticketting this rather than doing it directly because I guess changing the cookie auth would disrupt existing sessions, so would like to at least confirm it would work first...

Maybe an approach could be to change the setting in individual instances as soon as authorized cookies are expired (if there's a way to tell from the server)

Change History (4)

comment:2 by robe, 3 years ago

Resolution: wontfix
Status: newclosed

Not sure what this is about but I imagine it's kinda not relevant now since we don't have too many individual trac instances anymore and all are under ldap anyway.

comment:3 by strk, 3 years ago

It was about doing the "login" step once and see it valid for all instances. Not a big deal nowadays.

comment:4 by strk, 12 months ago

Keywords: openid auth added
Resolution: wontfix
Status: closedreopened

The time might have cone to implement single sign on: https://trac-hacks.org/wiki/OpenIdConnectPlugin

Ideally we'd have a "login via OSGeo ID" button. The auth provider would be implement as a service ( #1824 )

Fir now we saw we could use Gitea as a provider, which we see working to providecauth for Discourse

Note: See TracTickets for help on using tickets.