This is tracking a method for token authentication for 389-ds. This is required so that we can correctly use cookie authentication from a stateless front end application.
The current plan is heavily simplified and far more realistic in terms of what can be achieved and how. This can be found at:
http://www.port389.org/docs/389ds/design/token-auth.html
Original Ticket:
For the rest admin to have a seamless user experience we need a way to authenticate users with some kind of SSO mech when krb5 is not present.
After an investigation, we decided the best approach was to develop our own based on cryptographically sealed tokens such as fernet.
This ticket will track:
Comment by William:
We want this for the new admin console, so it has to be inline with when the team expects us to have the new python / rest admin console done. If that is 1.3.6, than that's okay, but I'm going to get some ground work done for it now regardless
1.3.6 or Rest389 1.0? Setting milestone to 1.3.6 for now.
attachment 0001-Ticket-48707-Draft-Ldap-SSO-Token-proposal.patch
Updated to draft version 1 0001-Ticket-48707-Draft-Ldap-SSO-Token-proposal.2.patch
commit 6ea27bf Writing objects: 100% (8/8), 12.46 KiB | 0 bytes/s, done. Total 8 (delta 1), reused 2 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git cf11fae..6ea27bf master -> master
Metadata Update from @firstyear: - Issue assigned to firstyear - Issue set to the milestone: 1.3.6 backlog
<img alt="0001-Ticket-48707-Update-rfc-to-accomodate-that-authid-is.patch" src="/389-ds-base/issue/raw/files/1c4ff57f06f97521d0a9334fe1a8a015a79cf255b5aff5394d9ab4ed2e3778bb-0001-Ticket-48707-Update-rfc-to-accomodate-that-authid-is.patch" />
Metadata Update from @firstyear: - Issue close_status updated to: None
ack
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to ack
commit 6fa30ec To ssh://git@pagure.io/389-ds-base.git f9351cf..6fa30ec master -> master
Metadata Update from @mreynolds: - Issue set to the milestone: 1.4 backlog (was: 1.3.6 backlog)
Metadata Update from @firstyear: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
This commit is crashing the server when you delete any entry under cn=config
Metadata Update from @mreynolds: - Issue status updated to: Open (was: Closed)
See https://pagure.io/389-ds-base/issue/50853
This commit is crashing the server when you delete any entry under cn=config See https://pagure.io/389-ds-base/issue/50853
This is now fixed...
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1797
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.