On Nov 11, 9:24 pm, paul <[EMAIL PROTECTED]> wrote:
> Phillip B Oldham wrote:
> > Are there any FOSS Python Single-Sign-on Servers?
>
> [snip]
>
> > I've searched around but can only seem to find OpenID servers, which
> > will probably be too "open" for our needs.
>
> So if it is not OpenID, which protocol are you going to implement?

In theory, we could use an OpenID server: our staff could register with something like MyOpenID, register with each of our individual webapps, and then gain access with a single sign-on.

However, it's not really getting round the problem we have: we need to give our staff access to all of our apps in one go, give them one place to sign on, and have the ability to disable their account at short notice. Doing this with OpenID would mean we have *no* access to the user account and therefore would still have the overhead of having to disable accounts with each webapp we provide. It also opens up a security threat in that anyone could register to our "internal" apps with an OpenID account. Which is bad.

Essentially, we need an SSO server with which we would register our *webapps* and then create user accounts, specifying which webapps that user has access to, and at what level. Essentially something like OpenSSO but Python-based.

--
http://mail.python.org/mailman/listinfo/python-list