<div dir="ltr">Awesome... Can ipsilon be installed on the same server as FreeIPA? </div><div class="gmail_extra"> <div class="gmail_quote">On Mon, May 19, 2014 at 7:16 AM, Simo Sorce <<a href="mailto:simo@redhat.com" target="_blank">simo@redhat.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Sun, 2014-05-18 at 20:40 -0500, Chris Whittle wrote: > Anything new on ipsilon? I released 0.2.3: <a href="https://fedorahosted.org/ipsilon/" target="_blank">https://fedorahosted.org/ipsilon/</a> It is still a bit rough on the edges, but can be used. Simo. <div class="HOEnZb"><div class="h5"> > On Fri, Apr 25, 2014 at 9:18 AM, Simo Sorce <<a href="mailto:simo@redhat.com">simo@redhat.com</a>> wrote: > > > On Fri, 2014-04-25 at 10:00 -0400, Dmitri Pal wrote: > > > On 04/25/2014 09:51 AM, Simo Sorce wrote: > > > > On Fri, 2014-04-25 at 09:29 -0400, Dmitri Pal wrote: > > > >> On 04/25/2014 08:39 AM, Simo Sorce wrote: > > > >>> On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote: > > > >>>> Thanks Martin, I found a few notes on FreeIPA and GADS but most > > were people > > > >>>> saying not to do it on principal but nothing saying if it's > > possible or not. > > > >>>> > > > >>>> I like the SAML option, including the mysterious ipsilon (Is there > > anything > > > >>>> more than the git repo yet?), but wonder how much control it has. > > > >>> At the moment no control at all. > > > >>> > > > >>>> Does it just allow them to SSO using their LDAP credentials? > > > >>> Yes. > > > >>> > > > >>>> If I disable a user in LDAP does it only recognize that only during > > login > > > >>>> or is it smart enough to kill their Google Apps sessions and make > > them > > > >>>> login again? > > > >>> At the moment no, in future, perhaps we can develop a plugin that > > will > > > >>> call a SSO logout to the remote applications the user logged into, > > but > > > >>> this will require the server to be more stateful. This feature is not > > > >>> available in the current code. > > > >>> > > > >>> Simo. > > > >>> > > > >>> > > > >>> _______________________________________________ > > > >>> Freeipa-users mailing list > > > >>> <a href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> > > > >>> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a> > > > >> > > > >> Simo, how much Ipsilon is ready for a POC like this? > > > >> I understand it is probably somewhere between alpha and beta quality > > but > > > >> it might be a good exercise to try to set it up for a real use case. > > > >> What do you think? > > > > It can be tried, but I need to write some documentation on how to set > > it > > > > up first :-) > > > > > > > > Simo. > > > > > > > Hint-hint, nudge-nudge :-) > > > > I know, I know. > > I got done with lasso and mod_auth_mellon patches, now I can go back to > > Ipsilon. > > > > If Jan gives me the go, I will cut a first release and start writing > > instruction, file for Fedora packages and all that > > > > Simo. > > > > > > -- > > Simo Sorce * Red Hat, Inc * New York > > > > _______________________________________________ > > Freeipa-users mailing list > > <a href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> > > <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a> > > -- Simo Sorce * Red Hat, Inc * New York </div></div></blockquote></div> </div>