Single login server
brandon at cold.org
Wed Jan 17 14:16:21 MST 2018
Just to play the semantics game ('cause we all like THAT guy) ... OAuth
technically isn't an authentication system, it is an authorization
system that relies upon an external authentication mechanism to already
have taken place :) And OAuth2 just makes it worse (there is a reason
one of the core people behind it quit and posted saying it is a road to
What you want falls into the SSO / single sign-on space. I recommend
SAML (although CAS is another system that works well).
You'll find a few SaaS vendors (onelogin.com), but also open-source
projects, like Shibboleth.
On 01/17/2018 01:35 PM, Tod Hansmann wrote:
> I'm looking for some sort of single login server. Not single sign-on.
> That's something this could enable in some cases, but it's not my goal. I
> just want to have one account that isn't a social media thing. Ideally it
> would fulfill these:
> - Can self host, preferably on Linux
> - Provides OAuth2 and maybe OpenID?
> - Would ideally be something I can use for OS logins on Linux and Windows
> (OSX is a pipe dream), so Kerberos and LDAP I guess?
> - Secure, duh
> - Can control sub-logins, like of my kids.
> - Can preferably revoke access to third parties later, like "I don't want
> site X to have access anymore"
> Any thoughts on possibilities if they exist? Or am I looking at something
> like using OpenLDAP and tacking on OAuth2 access to it?
> -Tod Hansmann
> Problem Solver