Opened Feb 12, 2017 by Clément OUDOT (@clement_oudot, Owner)

Manage access rules for CAS, SAML and OpenID Connect clients

As we are doing a lot of modifications for 2.0, I would like to rethink how we manage access rules and find a way to apply them to all LL::NG clients/applications, not only those protected by Handler.

From my point of view, an application can be authenticated and protected with multiple methods:

  • HTTP headers behind Handlers
  • CAS
  • SAML
  • OpenID Connect

We already implemented a kind of access control for the CAS client, when the CAS service matches a registered virtual host, but this is a kind of hack that we can improve.

CAS code must be rewritten so we can declare CAS servers and CAS services, like we have SAML IDP/SP and OIDC OP/RP.

And for CAS, SAML and OIDC, we should have a new sub-branch for access rules, like we have in virtual hosts. Note that we already have the "exported attributes" for SAML and OIDC. We just need to add it for CAS.

With this, I think we could be the only SSO and Access Management to act on HTTP Headers, CAS, SAML and OpenID Connect.

Milestone: 2.0.0 (Past due)
Reference: lemonldap-ng/lemonldap-ng#1161