[Freeipa-users] Free IPA and Google Apps
Chris Whittle
cwhittl at gmail.com
Mon May 19 01:40:51 UTC 2014
Anything new on ipsilon?
On Fri, Apr 25, 2014 at 9:18 AM, Simo Sorce <simo at redhat.com> wrote:
> On Fri, 2014-04-25 at 10:00 -0400, Dmitri Pal wrote:
> > On 04/25/2014 09:51 AM, Simo Sorce wrote:
> > > On Fri, 2014-04-25 at 09:29 -0400, Dmitri Pal wrote:
> > >> On 04/25/2014 08:39 AM, Simo Sorce wrote:
> > >>> On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote:
> > >>>> Thanks Martin, I found a few notes on FreeIPA and GADS but most
> were people
> > >>>> saying not to do it on principal but nothing saying if it's
> possible or not.
> > >>>>
> > >>>> I like the SAML option, including the mysterious ipsilon (Is there
> anything
> > >>>> more than the git repo yet?), but wonder how much control it has.
> > >>> At the moment no control at all.
> > >>>
> > >>>> Does it just allow them to SSO using their LDAP credentials?
> > >>> Yes.
> > >>>
> > >>>> If I disable a user in LDAP does it only recognize that only during
> login
> > >>>> or is it smart enough to kill their Google Apps sessions and make
> them
> > >>>> login again?
> > >>> At the moment no, in future, perhaps we can develop a plugin that
> will
> > >>> call a SSO logout to the remote applications the user logged into,
> but
> > >>> this will require the server to be more stateful. This feature is not
> > >>> available in the current code.
> > >>>
> > >>> Simo.
> > >>>
> > >>>
> > >>> _______________________________________________
> > >>> Freeipa-users mailing list
> > >>> Freeipa-users at redhat.com
> > >>> https://www.redhat.com/mailman/listinfo/freeipa-users
> > >>
> > >> Simo, how much Ipsilon is ready for a POC like this?
> > >> I understand it is probably somewhere between alpha and beta quality
> but
> > >> it might be a good exercise to try to set it up for a real use case.
> > >> What do you think?
> > > It can be tried, but I need to write some documentation on how to set
> it
> > > up first :-)
> > >
> > > Simo.
> > >
> > Hint-hint, nudge-nudge :-)
>
> I know, I know.
> I got done with lasso and mod_auth_mellon patches, now I can go back to
> Ipsilon.
>
> If Jan gives me the go, I will cut a first release and start writing
> instruction, file for Fedora packages and all that
>
> Simo.
>
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140518/c0724b3d/attachment.htm>
More information about the Freeipa-users
mailing list