Hi,

I'm trying to set up a hybrid desktop/web identity solution outside the 
corporate firewall. I'm essentially an end user and this is well outside my 
normal wheelhouse. I gather (from http://syncope.apache.org/iam-scenario.html) 
that Syncope can be used to coordinate multiple identity technologies.

Roughly, here is what I was thinking so far. Please correct my ignorance.


* Identities (people) and possibly some groups are centralized
  nationally, machines/services are defined locally
* Authorization is local to the machine/service/application (not
  Syncope's problem)
* Desktop authentication is via Active Directory (Win) or FreeIPA
  (Linux/Mac); Kerberos-based
* Web authentication via Gluu
* Likely authentication methods:
    o PIV smartcard (web or desktop; employees only)
    o Username/password (web or desktop; employees and partners)
    o "Social" accounts (Google, Facebook, ORCID): (web only; employees and
      partners)

As I understand it, Syncope would act as a central registry of users, and I 
would need it to perform a two-way sync to both AD and Gluu. So the first 
question would be: Is my understanding correct so far, and is Syncope a good 
fit?

My second question is: allowing login from social accounts leads to "one 
person, many accounts". Does Syncope have a way to recognize that my AD account 
and my Google account belong to the same person (me)? How?

Thanks for your time,
Bryce





