[Alioth-staff-replacement] salsa + sso.debian.org

Wed Oct 25 06:24:35 UTC 2017

On Tue, Oct 24, 2017 at 7:45 PM, Michael Stapelberg
<stapelberg at debian.org> wrote:
> [+cc luca]
>
> On Tue, Oct 24, 2017 at 6:29 PM, Michael Stapelberg
> <stapelberg at debian.org> wrote:
>> Hey,
>>
>> this topic has been discussed informally on IRC in the past, but I
>> figured it would be good to start an email thread to get us all on the
>> same page.
>>
>> I would like to have GitLab (salsa) use sso.debian.org for
>> authenticating users. That way, DDs and guests alike don’t need to
>> have yet another account. My longer-term hope is that by leading by
>> example, other Debian web applications follow suit.
>>
>> To that end, I have evaluated approaches and came up with a proposal
>> at https://wiki.debian.org/Salsa/SSO#A2017-10-24_suggestion_to_deploy_dex_on_sso.debian.org
>>
>> I have presented this to DSA and hope to move forward with the test
>> setup on sso.d.o soon.
>>
>> I have the following open questions:
>>
>> 1. Who could help me with configuring GitLab on salsa such that it
>> authenticates against sso.d.o? I verified a working config and
>> described it at https://michael.stapelberg.de/Artikel/gitlab-with-dex
>>
>> 2. Philipp Kaluza, I see that you have recently been working on
>> https://salsa.debian.org/pixelpapst-guest/gitlab_newuser (thanks!). Do
>> you think it would be possible to make your app a little more generic
>> by deploying it on sso.d.o and thereby allowing guest accounts to
>> eventually use a variety of services, not just GitLab?

I have been made aware of Keycloak, which seems like a promising
off-the-shelf solution for doing this. Luca and I will look more into
it this weekend, so it might be wise to wait with any adjustments to
gitlab_newuser until afterwards.

We’ll keep you posted.

>>
>> 3. Are there any open questions or concerns?
>>
>> --
>> Best regards,
>> Michael
>
>
>
> --
> Best regards,
> Michael

-- 
Best regards,
Michael