Single login server

Brandon Gillespie brandon at cold.org
Wed Jan 17 14:16:21 MST 2018


Just to play the semantics game ('cause we all like THAT guy) ... OAuth 
technically isn't an authentication system, it is an authorization 
system that relies upon an external authentication mechanism to already 
have taken place :)  And OAuth2 just makes it worse (there is a reason 
one of the core people behind it quit and posted saying it is a road to 
hell).

What you want falls into the SSO / single sign-on space.  I recommend 
SAML (although CAS is another system that works well).

You'll find a few SaaS vendors (onelogin.com), but also open-source 
projects, like Shibboleth.

-Brandon

On 01/17/2018 01:35 PM, Tod Hansmann wrote:
> I'm looking for some sort of single login server.  Not single sign-on.
> That's something this could enable in some cases, but it's not my goal.  I
> just want to have one account that isn't a social media thing.  Ideally it
> would fulfill these:
>
> - Can self host, preferably on Linux
> - Provides OAuth2 and maybe OpenID?
> - Would ideally be something I can use for OS logins on Linux and Windows
> (OSX is a pipe dream), so Kerberos and LDAP I guess?
> - Secure, duh
> - Can control sub-logins, like of my kids.
> - Can preferably revoke access to third parties later, like "I don't want
> site X to have access anymore"
>
> Any thoughts on possibilities if they exist?  Or am I looking at something
> like using OpenLDAP and tacking on OAuth2 access to it?
>
> -Tod Hansmann
> Problem Solver
> www.phonejanitor.com
> 801-618-0059
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */



