[Freeipa-users] Free IPA and Google Apps
Dmitri Pal
dpal at redhat.com
Fri Apr 25 14:00:35 UTC 2014
On 04/25/2014 09:51 AM, Simo Sorce wrote:
> On Fri, 2014-04-25 at 09:29 -0400, Dmitri Pal wrote:
>> On 04/25/2014 08:39 AM, Simo Sorce wrote:
>>> On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote:
>>>> Thanks Martin, I found a few notes on FreeIPA and GADS but most were people
>>>> saying not to do it on principal but nothing saying if it's possible or not.
>>>>
>>>> I like the SAML option, including the mysterious ipsilon (Is there anything
>>>> more than the git repo yet?), but wonder how much control it has.
>>> At the moment no control at all.
>>>
>>>> Does it just allow them to SSO using their LDAP credentials?
>>> Yes.
>>>
>>>> If I disable a user in LDAP does it only recognize that only during login
>>>> or is it smart enough to kill their Google Apps sessions and make them
>>>> login again?
>>> At the moment no, in future, perhaps we can develop a plugin that will
>>> call a SSO logout to the remote applications the user logged into, but
>>> this will require the server to be more stateful. This feature is not
>>> available in the current code.
>>>
>>> Simo.
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> Simo, how much Ipsilon is ready for a POC like this?
>> I understand it is probably somewhere between alpha and beta quality but
>> it might be a good exercise to try to set it up for a real use case.
>> What do you think?
> It can be tried, but I need to write some documentation on how to set it
> up first :-)
>
> Simo.
>
Hint-hint, nudge-nudge :-)
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list