Just to play the semantics game ('cause we all like THAT guy) ... OAuth
technically isn't an authentication system, it is an authorization
system that relies upon an external authentication mechanism to already
have taken place :) And OAuth2 just makes it worse (there is a reason
one of the core people behind it quit and posted saying it is a road to
hell).

What you want falls into the SSO / single sign-on space. I recommend
SAML (although CAS is another system that works well).

You'll find a few SaaS vendors (onelogin.com), but also open-source
projects, like Shibboleth.

-Brandon
On 01/17/2018 01:35 PM, Tod Hansmann wrote:
I'm looking for some sort of single login server. Not single sign-on.
That's something this could enable in some cases, but it's not my goal. I
just want to have one account that isn't a social media thing. Ideally it
would fulfill these:
- Can self host, preferably on Linux
- Provides OAuth2 and maybe OpenID?
- Would ideally be something I can use for OS logins on Linux and Windows
(OSX is a pipe dream), so Kerberos and LDAP I guess?
- Secure, duh
- Can control sub-logins, like of my kids.
- Can preferably revoke access to third parties later, like "I don't want
site X to have access anymore"
Any thoughts on possibilities if they exist? Or am I looking at something
like using OpenLDAP and tacking on OAuth2 access to it?
-Tod Hansmann
Problem Solver
www.phonejanitor.com
801-618-0059
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/