Maniphest T5176

Explore IAM solutions for services
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Southparkfan
	Jan 29 2020, 23:43

Tags

Referenced Files

None

Subscribers

Description

Currently, access to resources like Matomo (in 'piwik' db), mail, Icinga and Phabricator use separate user databases. For mail, T5045 was created a while ago, and by finishing that task accounts are migrated to LDAP.

Ideally, only two databases are present: MediaWiki (CentralAuth) and LDAP databases. Most of the aforementioned services support LDAP authentication, and pretty much all identity providers support LDAP for authentication and SAML for federation. At first glance LDAP only seems to be sufficient for now, but a SAML IdP offers much more functionality.

Related Objects
Search...

		Status	Assigned	Task
		Resolved	John	T5045 Setup LDAP and hook it into mail
		Resolved	Paladox	T5176 Explore IAM solutions for services

Event Timeline

Southparkfan triaged this task as Normal priority.Jan 29 2020, 23:43

Southparkfan created this task.

Herald added subscribers: CnocBride, Reception123. · View Herald TranscriptJan 29 2020, 23:43

Southparkfan moved this task from Backlog to Site Reliability Engineering on the Goal-2020-Jan-Jun board.Jan 29 2020, 23:43

John claimed this task.Feb 13 2020, 19:02

John reassigned this task from John to Paladox.Mar 29 2020, 21:29

John subscribed.

John added a parent task: T5045: Setup LDAP and hook it into mail.Apr 11 2020, 17:49

John moved this task from Radar to New Features/Services on the Site Reliability Engineering board.Apr 13 2020, 14:09

Phabricator will still use oauth (mediawiki) for its auth. I've moved Matomo, Icinga and Grafana to LDAP.