[TYPO3-typo3org] just a quick idea // authentification & authorisation & openid // oath server

Steffen Gebert steffen.gebert at typo3.org
Fri Apr 5 08:03:56 CEST 2013


Hi Olivier,

I agree that the SSO solution is far from optimal. In my dreams we have
an LDAP directory.

Nevertheless, I personally see no capacity for such a monster project
(however, a project which I would really support and welcome).

Some topics which force me to think:
- What's a stable LDAP solution for our beloved TYPO3 CMS? One which
works without synchronization? Is there any?
- How to implement groups/projects, which are currently managed by
Redmine? Having them in LDAP would be a second, but important, step I think.

SimpleSAML mentioned by Thomas sounds like a really nice addition to
that, as I'm sure that most of the applications don't offer an OAuth
integration, thus relying on only OAuth would force us to change from
custom SSO adapters to custom OAuth adapters.

(AFAIK) none of us (=Server Team) has very deep LDAP knowledge. We have
one at our department, so I have basic knowledge. But when it comes to
HA setup (which we are running), I fear that we need far more knowledge
to sleep well (we've been running a well-working setup at University for ~5
years with one crash, where a split-brain happened and the older state
survived).

Things like that make me really afraid to kick that project off,
although I see the benefit of it. We could think about that if we have
some experienced people from the community supporting us (IMHO), but I
don't know what the rest of the team thinks.

Kind regards
Steffen

-- 
Steffen Gebert
TYPO3 Server Administration Team Member

TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

I work for TYPO3 solely in my spare time. If you think that
my work helps you running your business, you are invited to
send me a donation via PayPal to this email address. Thanks

On 4/4/13 10:16 PM, Olivier Dobberkau wrote:
> Thomas suggests using simplesaml
> 
> https://twitter.com/tom_noise/status/319893927882805249
> 
> @T3RevNeverEnd at our office we are using LDAP with simplsaml as
> openid/oath server
> 
> http://simplesamlphp.org/
> 

