DevOps/ansible-role-eom
1
0
Fork 0
Code Issues 18 Pull Requests Actions Packages Projects Releases Wiki Activity

Configure authentication sources #12

New Issue
Closed
opened 2024-12-26 16:56:50 +00:00 by eric · 7 comments
eric commented 2024-12-26 16:56:50 +00:00
Owner
Copy Link

Users will probably prefer not to manage a separate eom.dev account. Services should be configured to utilize external authentication sources for logins.

Users will probably prefer not to manage a separate eom.dev account. Services should be configured to utilize external authentication sources for logins.
eric commented 2024-12-26 17:07:57 +00:00
Author
Owner
Copy Link

Nextcloud

  • Do not allow self-registration
  • Accounts should be created through LDAP
  • External authentication sources must link to an existing account

Gitea

  • Allow self-registration
  • Ensure repositories are secure

Matrix

  • Requires deployment of MAS
  • Do not allow self-registration
  • Synapse does not automatically sync accounts with LDAP

MinIO

Grafana

  • Do not allow self-registration
### Nextcloud - Do not allow self-registration - Accounts should be created through LDAP - External authentication sources must link to an existing account ### Gitea - Allow self-registration - Ensure repositories are secure ### Matrix - Requires deployment of MAS - Do not allow self-registration - Synapse does not automatically sync accounts with LDAP ### MinIO - Do not allow self-registration - See [documentation](https://min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html) ### Grafana - Do not allow self-registration
eric started working 2024-12-26 17:09:18 +00:00
eric self-assigned this 2024-12-26 17:09:22 +00:00
eric commented 2024-12-26 17:13:18 +00:00
Author
Owner
Copy Link

Default repo access settings on Gitea seem sufficient.

[Default](https://docs.gitea.com/next/usage/permissions) repo access settings on Gitea seem sufficient.
eric commented 2024-12-26 17:23:57 +00:00
Author
Owner
Copy Link

Ideally, the same authentication sources will be available on every platform.

Ideally, the same authentication sources will be available on every platform.
eric commented 2024-12-26 21:38:13 +00:00
Author
Owner
Copy Link

The Matrix auth service is incompatible with the OpenLDAP authentication source. The legacy OIDC is not compatible with the element-x client. This is probably acceptable for the time being.

The Matrix auth service is incompatible with the OpenLDAP authentication source. The legacy OIDC is not compatible with the element-x client. This is probably acceptable for the time being.
eric stopped working 2024-12-26 22:55:18 +00:00
5 hours 46 minutes
eric commented 2024-12-29 00:12:00 +00:00
Author
Owner
Copy Link

Issues with LDAP and OIDC account linking. This would probably be difficult on other services as well.

Issues with LDAP and OIDC account linking. This would probably be difficult on other services as well.
eric commented 2024-12-29 00:13:59 +00:00
Author
Owner
Copy Link

Could use Nextcloud as OIDC server.

Could use [Nextcloud as OIDC server](https://apps.nextcloud.com/apps/oidc_login).
eric commented 2024-12-30 21:15:36 +00:00
Author
Owner
Copy Link

OIDC is enabled for GitHub users to access Gitea. Other services will, for now, be managed through eom.dev accounts with secure passwords sent through the Nextcloud Secrets app.

OIDC is enabled for GitHub users to access Gitea. Other services will, for now, be managed through eom.dev accounts with secure passwords sent through the Nextcloud Secrets app.
eric closed this issue 2024-12-30 21:15:37 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
eric
1 Participants
Notifications
Total Time Spent: 5 hours 46 minutes
eric
5 hours 46 minutes
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: DevOps/ansible-role-eom#12
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?