Infrastructure Team/Central Login

From Sugar Labs
Jump to navigation Jump to search

Summary

This is initiative to permit a user to access multiple SL resources while providing their credentials (such as userid and password) only once.

Resources to authenticate on

Authenticate front-ends

Preliminary list of possible front-end methods to authenticate users.

  • For now https://obs.sugarlabs.org requires Basic HTTP Auth.
  • CAS, the most common method, with a requirement to provide login/password, is useful for people who are not arriving from a Sugar Shell instance (and so, Sugar's certificate-based method does not work implicitly for them), and for casual visitors or those wishing to avoid the technical work of taking care of user side certificates.
  • Users certificates are useful for people who need to be authenticated from a Sugar Shell where Sugar might perform some authentication routines under the hood.

Authenticate back-end

  • ldap.sugarlabs.org