Opened 8 years ago
Last modified 11 months ago
#1690 reopened task
Enable single sign-on for Trac instances
| Reported by: | strk | Owned by: | strk |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | SysAdmin/Trac | Keywords: | openid, auth |
| Cc: |
Description
I think we could obtain single-signon among trac instances by setting auth_cookie_path to a shared path, rather than keeping the current per-instance value.
I'm ticketting this rather than doing it directly because I guess changing the cookie auth would disrupt existing sessions, so would like to at least confirm it would work first...
Maybe an approach could be to change the setting in individual instances as soon as authorized cookies are expired (if there's a way to tell from the server)
Change History (4)
comment:1 by , 8 years ago
comment:2 by , 3 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Not sure what this is about but I imagine it's kinda not relevant now since we don't have too many individual trac instances anymore and all are under ldap anyway.
comment:3 by , 3 years ago
It was about doing the "login" step once and see it valid for all instances. Not a big deal nowadays.
comment:4 by , 11 months ago
| Keywords: | openid auth added |
|---|---|
| Resolution: | wontfix |
| Status: | closed → reopened |
The time might have cone to implement single sign on: https://trac-hacks.org/wiki/OpenIdConnectPlugin
Ideally we'd have a "login via OSGeo ID" button. The auth provider would be implement as a service ( #1824 )
Fir now we saw we could use Gitea as a provider, which we see working to providecauth for Discourse
Worth reading this first: https://trac.edgewall.org/wiki/TracMultipleProjects/ComprehensiveSolution