[katello-devel] Design of SSO

Lukas Zapletal lzap at redhat.com
Mon Mar 4 08:36:11 UTC 2013


Thanks for the writeup. A couple of questions:

Why not store the whole OpenID URL instead of just the username in the
cookie? It looks more consistent to me. For security reasons, both
applications would need to check whether the URL is in the expected format.

For security reasons, the application<->SSO connection must be HTTPS with a
server certificate check (on both ends).

Don't we want to make SSO usage conditional on LDAP? Then there is no need
to ask Katello for authentication. Also, migration could be easier: you
can use Foreman as a standalone application with LDAP and then add Katello
without any pain of migrating user accounts.

LZ

On Fri, Mar 01, 2013 at 02:55:19PM +0100, Marek Hulan wrote:
> Hi all
> 
> As part of the US I work on in this iteration, I created a design wiki page [1] for 
> the SSO discussed recently. Please take a look and ping me if you have any 
> comments or questions.
> 
> [1] https://fedorahosted.org/katello/wiki/SingleSignOn
> 
> -- 
> Marek
> 
> _______________________________________________
> katello-devel mailing list
> katello-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/katello-devel

-- 
Later,

 Lukas "lzap" Zapletal
 #katello #systemengine
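To make the first two points of the message concrete, here is an added example in Ruby (both Foreman and Katello are Rails applications); it is not code from the thread or from either project. It shows the cookie check both applications would run on a stored OpenID URL (accept only HTTPS, only the expected SSO host, no userinfo/query/fragment, and an identifier path of a fixed shape), and an HTTPS client configured to verify the SSO server's certificate against a CA bundle rather than accept any certificate. The SSO host name, the `/id/<username>` identifier layout and the CA bundle path are assumptions made for the example.

```ruby
require 'uri'
require 'net/http'
require 'openssl'

# Assumed host of the SSO (OpenID provider) that Foreman and Katello both trust.
EXPECTED_SSO_HOST = 'sso.example.com'

# Given the raw cookie value, return the username carried in the OpenID URL,
# or nil if the URL does not have the expected format. Both applications would
# run this same check before trusting anything in the cookie.
def username_from_openid_url(value)
  return nil if value.nil? || value.length > 512
  uri = URI.parse(value)
  return nil unless uri.is_a?(URI::HTTPS)          # plain http:// or other schemes are rejected
  return nil unless uri.host == EXPECTED_SSO_HOST  # exact host match, no suffix/prefix tricks
  return nil unless uri.port == 443
  return nil if uri.userinfo || uri.query || uri.fragment
  # Assumed identifier layout: https://<sso-host>/id/<username>; nothing else in the path.
  m = %r{\A/id/([A-Za-z0-9_.-]+)\z}.match(uri.path)
  m && m[1]
rescue URI::InvalidURIError
  nil
end

# Build an HTTPS client for the SSO server that refuses connections unless the
# server certificate chains to the given CA bundle (the "server certificate check").
def sso_http_client(host, ca_file)
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER  # never VERIFY_NONE, even in dev
  http.ca_file = ca_file                        # assumed path to the trusted CA bundle
  http
end

if __FILE__ == $PROGRAM_NAME
  # Constructed cookie values: one well-formed, the rest malformed or hostile.
  ['https://sso.example.com/id/alice',
   'http://sso.example.com/id/alice',
   'https://sso.example.com.evil.net/id/alice',
   'https://evil@sso.example.com/id/alice',
   'https://sso.example.com/id/alice/../admin'].each do |v|
    puts "#{v.ljust(45)} -> #{username_from_openid_url(v).inspect}"
  end
  client = sso_http_client(EXPECTED_SSO_HOST, '/etc/pki/tls/certs/ca-bundle.crt')
  puts "verify_mode == VERIFY_PEER: #{client.verify_mode == OpenSSL::SSL::VERIFY_PEER}"
end
```

The client for the reverse direction (SSO calling back into the application) is built the same way, which is what "both ends" in the message amounts to in practice.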