[FrontPage] [TitleIndex] [WordIndex

This is a read-only archived version of wiki.centos.org

Current situation for CentOS.org infra

Actually we have decided to use FAS as the authentication backend for various services within CentOS.org infra. The goal is to slowly migrate existing services to that new setup and so have SSO available within centos.org. The entry point for our own instance is https://accounts.centos.org (also referenced as ACO to not confuse Fedora users with FAS itself, as they are independant and not federated) Currently, FAS/ACO doesn't provide "standard" API layer for authentication, like LDAP as an example, nor kerberos.

FAS/ACO by itself is currently providing :

The idea is to use an openid/saml2 proxy that would use our ACO backend (so acting like an IdP). The proposed solution would be Ipsilon as it's the only IdP that has a FAS backend plugin available (and that's what is used within the Fedora project infrastructure too) If an application doesn't support natively openid/saml2 tokens, we can also use http_auth and then let httpd/apache handle the authentication too (but integration would then be minimal so openid/saml2 should always be preferred). That would be possible through modules like mod_auth_openid as an example, so redirecting http_auth through that module against Ipsilon (so http_auth -> openid (Ipsilon) -> ACO)

Here is a list of the services we'd like to slowly integrate with ACO:

We'll list all those here with the possible solution for each service

CentOS Community Build Service

Git Repositories

CentOS Bug Tracker

CI/CD project

CentOS forums

CentOS wiki

Centralized blogging platform

Infra kanboard service

CentOS monitoring service

CentOS [[https://wiki.centos.org/DevCloud|DevCloud]]

2023-09-11 07:22