On Thu, Jul 21, 2011 at 09:04:45AM +0530, Rahul Sundaram wrote:
On 07/21/2011 04:20 AM, Toshio Kuratomi wrote:
> Will you want single sign on (meaning if you log into pkgdb, you are also
> logged into askbot)? If not, I would suggest we try and use the openid
> support in askbot with the fas openid provider. That way we may be able to
> eliminate the need to maintain the fas auth plugin.
I think single sign on will make Askbot more integrated with Fedora and
fas auth plugin code is pretty small
https://github.com/pjps/fasauth/
Okay... If we want single sign on we'd also need to run it at something like
https://admin.fedoraproject.org/askbot as cookies are only sent back to the
same domain as they come from (we can't remove the admin and use
fedoraproject.org either as we have less secure servers on
fedoraproject.org
[like
publictestXX.fedoraproject.org] and wouldn't want user's session
cookies to go to those boxes.) But if that's also okay, then the plugin
does have value. We'll have to set it to use the tg-visit session cookie as
a way to verify the user.
-Toshio