Re: Sandstorm authentication

To: Laura Arjona Reina <larjona@debian.org>, paulproteus@debian.org
Cc: debconf-video@lists.debian.org
Subject: Re: Sandstorm authentication
From: Andy Simpkins <rattusrattus@debian.org>
Date: Fri, 26 Jul 2019 18:42:51 -0300
Message-id: <[🔎] 272551b9-b22b-93f1-c14d-f5b4620c2886@debian.org>
In-reply-to: <[🔎] 7ddfac1b-d604-4c4a-4443-fe0e3eac95cc@debian.org>
References: <[🔎] 3ed20884-409a-60cf-fcd8-afabb6339f88@debian.org> <[🔎] 7ddfac1b-d604-4c4a-4443-fe0e3eac95cc@debian.org>

On 26/07/19 17:19, Laura Arjona Reina wrote:
> Sandstorm allows you to define an organization. You can automatically
> apply some settings to all members of your organization. Users within
> the organization will automatically be able to log in, install apps, and
> create grains.
> 
> Organization membership
> 
> [ ] Users authenticated via email address
> Domain: ____________
> Users with an email address at this domain will be members of this
> server's organization.
> 
> [ ] Users authenticated via Google Apps for Work
> Domain: __________
> Users with a Google Apps for Work account under this domain will be
> members of this server's organization.
> 
> [ ] Users authenticated via LDAP
> Note: disabled because LDAP login is not configured.
> 
> [ ] Users authenticated via SAML
> Note: disabled because SAML login is not configured.
> 
> From the above, I've just ticked the "[X] Users authenticated via email
> address" and added "debian.org" as domain.
> 
> Can you try if it makes a difference in your experience of login in?
> 

That may well have solved my annoyance at time restricted access tokens
(I have closed and reopened browser and site didn't ask me to log in again).
Obviously I should close session and wait until tomorrow to confirm that
it still 'works' (and then close this 'ticket')




> and
> 
> Would that be enough or would you need people with no @debian.org
> address to access too?


I suspect that this is enough for now

> 
> About LDAP, I guess Asheesh knows better about that than me (both in the
> Sandstorm and in the Debian side) so I didn't dare yet to go and try to
> configure the service in Sandstorm (and if it needs some setting in the
> machine, I have no permissions there, I just tweak the web interace),
> but for the case Asheesh cannot find the time to look at this, I will
> try to read the documentation and figure out what can I do (but not
> before debconf19 ends, probably...).

LDAP may well still be the better option (as opposed to a cookie from a
valid d.o email address).  What are your and Asheesh's view on the subject?

> 
> Cheers
> 

Many thanks for your help and fast response

/Andy

Reply to:

References:
- Sandstorm authentication
  - From: Andy Simpkins <rattusrattus@debian.org>
- Re: Sandstorm authentication
  - From: Laura Arjona Reina <larjona@debian.org>

Prev by Date: Re: Sandstorm authentication
Previous by thread: Re: Sandstorm authentication
Index(es):
- Date
- Thread