Created on 2025-03-02.13:15:24 by adam, last changed 2 weeks ago by adam.
Testing if mail-gw still works after enabling SSO
Applied on roadmap. Check email-gw. Logout doesn't redirect back
Left to do: * apply on roadmap.apiote.xyz * check mail gateway
Left to do: * check copying user data after login * replace form with button * check email gateway
change roles everywhere (including roadmap) to without ‘seat’
i.e. * platform * back * window * …
also: https://wiki.roundup-tracker.org/OauthAuthentication
I think there are two main ways: * simple but possibly insecure; * replace login form in roadmap with login button redirecting to SSO * add hook on SSO register to add user to roadmap and dummy password generated/stored in vault * pass user:specificPassword in authorization header to roadmap * difficult: * integrate OIDC into login procedure in roadmap (cf. wiki link)
maybe it can be done in steps: first the simple step, then pass token to roadmap and check OIDC claims in login procedure (still needs users created in hook from SSO, with no password this time and safeguard not to check local password)
* https://wiki.roundup-tracker.org/ShibbolethLogin * https://wiki.roundup-tracker.org/LDAPLogin * https://wiki.roundup-tracker.org/CustomisationExamples #Security
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2025-04-26 12:12:20 | adam | set | status: in-progress -> done-cbb |
| 2025-04-26 12:07:51 | adam | set | messages: + msg34 |
| 2025-04-26 09:49:00 | adam | set | messages: + msg33 |
| 2025-04-22 17:46:42 | adam | set | messages: + msg30 |
| 2025-04-15 08:01:47 | adam | set | messages: + msg29 |
| 2025-04-12 16:01:58 | adam | set | messages: + msg28 |
| 2025-04-12 11:29:24 | adam | set | status: chatting -> in-progress |
| 2025-04-04 11:45:37 | adam | set | messages: + msg15 |
| 2025-03-18 11:15:17 | adam | set | messages: + msg6 |
| 2025-03-02 13:15:24 | adam | create | |