Good lord I remember how complicated and jargon-filled shibboleth was last I looked at it. I can't imagine trying to use that for a website (replacing "Login with Facebook" with "Login with your favorite shibboleth host!") or my PCs. I mean, either of those, let alone both. Is that really the best we've created as an open source community?
-Tod Hansmann
Problem Solver
www.phonejanitor.com
801-618-0059

On Wed, Jan 17, 2018 at 2:16 PM, Brandon Gillespie <[email protected]> wrote:

> Just to play the semantics game (cause we all like THAT guy) ... OAuth
> technically isn't an authentication system, it is an authorization system
> that relies upon an external authentication mechanism to already have taken
> place :) And OAuth2 just makes it worse (there is a reason one of the core
> people behind it quit and posted saying it is a road to hell).
>
> What you want falls into the SSO / single signon space. I recommend SAML
> (although CAS is another system that works well).
>
> You'll find a few saas vendors (onelogin.com), but also open-source
> projects, like shibboleth.
>
> -Brandon
>
>
> On 01/17/2018 01:35 PM, Tod Hansmann wrote:
>
>> I'm looking for some sort of single login server. Not single sign-on.
>> That's something this could enable in some cases, but it's not my goal. I
>> just want to have one account that isn't a social media thing. Ideally it
>> would fulfill these:
>>
>> - Can self host, preferably on Linux
>> - Provides OAuth2 and maybe OpenID?
>> - Would ideally be something I can use for OS logins on Linux and Windows
>> (OSX is a pipe dream), so Kerberos and LDAP I guess?
>> - Secure, duh
>> - Can control sub-logins, like of my kids.
>> - Can preferably revoke access to third parties later, like "I don't want
>> site X to have access anymore"
>>
>> Any thoughts on possibilities if they exist? Or am I looking at something
>> like using OpenLDAP and tacking on OAuth2 access to it?
>>
>> -Tod Hansmann
>> Problem Solver
>> www.phonejanitor.com
>> 801-618-0059
>>
>

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
