[Freeipa-users] Free IPA and Google Apps
Simo Sorce
ssorce at redhat.com
Fri Apr 25 12:39:25 UTC 2014
On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote:
> Thanks Martin, I found a few notes on FreeIPA and GADS but most were people
> saying not to do it on principal but nothing saying if it's possible or not.
>
> I like the SAML option, including the mysterious ipsilon (Is there anything
> more than the git repo yet?), but wonder how much control it has.
At the moment no control at all.
> Does it just allow them to SSO using their LDAP credentials?
Yes.
> If I disable a user in LDAP does it only recognize that only during login
> or is it smart enough to kill their Google Apps sessions and make them
> login again?
At the moment no, in future, perhaps we can develop a plugin that will
call a SSO logout to the remote applications the user logged into, but
this will require the server to be more stateful. This feature is not
available in the current code.
Simo.
More information about the Freeipa-users
mailing list