I'm planning use SSO with freeipa and choosing provider between ipsilon-project and keycloack. I tried ipsilon about year ago, there were some bugs. And I see that project almost die. Just 2 commits during the year. But keycloack seems very big and dificult to me. I'm terrified. What do you think? What should I use?
On Jan 18, 2019, at 9:18 PM, Николай Савельев via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
I'm planning use SSO with freeipa and choosing provider between ipsilon-project and keycloack. I tried ipsilon about year ago, there were some bugs. And I see that project almost die. Just 2 commits during the year.
This same project has been on my to-do list. I’d love to collaborate, I do need to start on this soon.
What I’d like to do is integrate it as part of an overall deployment within Kubernetes. The goal eventually would be to manage the entire installation as a Helm install. There are other options using CRDs and so-called “operators”, but just getting a reliable install of everything with Helm would be a great first start.
If it were interesting (for anyone, really), I have a set of scripts that I have been using in a preproduction for running FreeIPA. These are loosely based on the work of Jan Pazdziora did for straight Docker, but none of it would have been possible without his tireless work on the Docker image. I also have a VPN that seems to be running, but there’s a lot of parameterization necessary for that and I think it would be a lot more appropriate to set up that VPN with operators.
I’m using Keycloak and it works fine with FreeIPA. Ipsilon was not mature enough for our use case (which is fine, not everything fits everywhere) but it is much simpler in comparison to Keycloak. As big as it looks, it’s not that much of a beast to deploy and configure; you basically have the same style as IPA: use what you need, leave the rest alone (as long as it is secure by default). Most people find the terminology hard to grasp, but once you got that figured out it’s pretty simple. This terminology in the authentication, authorization and auditing space is universal across most products and systems, so getting to know what’s what is very useful.
John
On 19 Jan 2019, at 07:23, Brian Topping via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On Jan 18, 2019, at 9:18 PM, Николай Савельев via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
I'm planning use SSO with freeipa and choosing provider between ipsilon-project and keycloack. I tried ipsilon about year ago, there were some bugs. And I see that project almost die. Just 2 commits during the year.
This same project has been on my to-do list. I’d love to collaborate, I do need to start on this soon.
What I’d like to do is integrate it as part of an overall deployment within Kubernetes. The goal eventually would be to manage the entire installation as a Helm install. There are other options using CRDs and so-called “operators”, but just getting a reliable install of everything with Helm would be a great first start.
If it were interesting (for anyone, really), I have a set of scripts that I have been using in a preproduction for running FreeIPA. These are loosely based on the work of Jan Pazdziora did for straight Docker, but none of it would have been possible without his tireless work on the Docker image. I also have a VPN that seems to be running, but there’s a lot of parameterization necessary for that and I think it would be a lot more appropriate to set up that VPN with operators.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org
-
Brian Topping -
John Keates -
Николай Савельев