Opened 7 years ago
Last modified 4 months ago
#1824 new task
Setup an OpenID provider using the LDAP database as input
| Reported by: | strk | Owned by: | strk |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | SysAdmin | Keywords: | userid, ldap, openid |
| Cc: |
Description
This may simplify integration of the LDAP users with other services. Could be served by SimpleID and its LDAP plugin (PHP): https://github.com/simpleid/simpleid-ldap
Also, it might be good to plan for "OpenID Connect" (successor of OpenID), while still keeping the LDAP backend, for example via https://github.com/coreos/dex
Change History (10)
comment:1 by , 7 years ago
comment:2 by , 18 months ago
For the record: id.osgeo.org is now a registered subdomain. The current way to set things up is using LXD containers, so simpleid/ldap should probably go in one of these
comment:3 by , 18 months ago
If I had a clue what is involved I might volunteer to do it.
At anyrate, should probably go on osgeo9. Which I'm focussing on putting shared services on.
osgeo8 would be for project specific services.
comment:4 by , 18 months ago
Should just need apache-php and https://github.com/simpleid/simpleid-ldap -- my own OpenID is using SimpleID but not with the LDAP backend, so I don't have more hints about LDAP. Oh, and I use Apache but if you know how to do that you may also opt for nginx.
comment:5 by , 17 months ago
yah I've done lots of php apps behind nginx. I'll take a stab at it on osgeo9 what dns name would you want to opt for since id.osgeo.org is taken.
Perhaps openid.osgeo.org ?
comment:6 by , 17 months ago
I would not really bother with another name. OpenID doesn't need top-level, it can be just id.osgeo.org/openid like we have id.osgeo.org/ldap (and in the future we might also have id.osgeo.org/oauth or something like that...
comment:8 by , 4 months ago
Recent use if OSGeo Gitea as auth provider for OSGeo Discourse showed the advantage of having an OpenID provider and limitations of using a service which is not specifically focused on authentication ( https://discourse.osgeo.org/t/psc-vote-lets-move-this-list-to-discourse/6528/22 )
See also #1690 for a request to use this service for trac login
comment:9 by , 4 months ago
An OSGeo authentication provider could also more easily be usable by third parties, like for instance the mapstodon.space instance, see https://mapstodon.space/@jeremy/111714945533217839
comment:10 by , 4 months ago
| Owner: | changed from to |
|---|
Debian packages exist for both simpleid and its ldap backend: https://packages.debian.org/search?keywords=simpleid
Where could I experiment installing one ? Should it be on "secure" VM (I don't think it needs be). Do we want to register an "id" subdomain ?