Reminder: I'm replying linearly (in this case, at the end of a chain of emails) and from what I know (Keycloak, SAML and OIDC).

On Tue, Apr 07, 2020 at 04:08:37PM +0200, Xavier wrote:
> On 07/04/2020 at 16:02, Enrico Zini wrote:
> > On Tue, Apr 07, 2020 at 03:28:07PM +0200, Xavier wrote:
> >
> >> With a SSO, I don't think it's a good thing to have a protected app as
> >> user database (even if it's possible). Then migration consists to
> >> extract gitlab accounts and push them in LDAP (2 branches, one for DD,
> >> one for guests)
> >
> > Ok, please help me to see where that would be an issue.
>
> It's not an issue. With a SSO we shall probably change this: salsa
> accounts will be created on-the-fly using federation mechanism, then
> there is only one user database (LDAP with 2 branches)

The Debian LDAP is atypical in a variety of ways, it's true. Like LLNG, Keycloak uses mappers to pull / transform as necessary.

--
Luca Filipozzi