Support ipsilon openidc #732
It looks like Travis is broken (the same test failed in an unrelated pull request as well).
Yes, unrelated to the pull request. Already saw it during the weekend. Will be fixed once I have time again. Then I should also find the time to review this (around next week). I'm sorry that it takes so long.
@SISheogorath thanks. A second patch should probably get into a separate pull request, I'll do that.
Yes, can you please push it into its own branch? I really like your work!
Done. Solved a conflict with README.md which was just pushed and moved anonymous editing into a separate pull request #734
Ipsilon Project (https://ipsilon-project.org/) is a server and a toolkit to configure Apache-based Service Providers.

Support sign-in via Ipsilon OpenID Connect Identity Provider. On the Ipsilon side an actual authentication and identity source can be flexibly configured.

We expect only three fields to be provided as part of the UserInfo by the Ipsilon:
- user name (subject): an account name for an authenticated user
- email for the user
- _groups: list of groups this user is a member of

The Ipsilon authenticator is structured similarly to 'SAML' authenticator but is simpler to configure.

Signed-off-by: Alexander Bokovoy <ab@vda.li>
@SISheogorath could you please review this PR? It has been sitting for three months already. I'm using this in production for my own setup all this time without any problems.
Sorry for the long delay. I already reviewed it earlier but didn't write stuff down. We are running into a problem right now, which is that more and more ID providers are being pushed into HackMD, invoking more dependencies and this way causing maintenance to become harder over time. Can we change this PR to become a common OpenID provider? As Ipsilon uses OIDC anyway, we can also just build it the generic way. This could simplify maintaining things a lot.
A more universal way to use OpenID was implemented by 9f9c408
This pull request adds support for signing into a Hackmd site with a custom identity provider based on Ipsilon. This allows integrating Hackmd with identity management solutions like FreeIPA or anything LDAP-based on POSIX systems via SSSD.
A benefit of doing so is in reusing existing identity management infrastructure that might be already deployed privately. Both Ipsilon and FreeIPA are free software.