On 24/11/2015 05:07, Sean McArthur wrote:
> +dev-fxacct
>
> We are working on figuring this out for the company. It's looking like
> the solution for sites that require employee accounts can use Google
> Sign In, and require it to use okta.
Indeed, IIUC Danny has put together a working demo of this using
Google's OpenID Connect login flow, which bridges to Okta and thus auths
against LDAP for @mozilla.com addresses.

We'll see about putting together a little how-to for other folks to try
out, I hear it was pretty painless to set up.

Cheers,

Ryan

>
> ldap.mozilla.org <http://ldap.mozilla.org>.
> (How ldap.mozilla.org <http://ldap.mozilla.org> gets populated is
> out of context).
>
> On Mon, Nov 23, 2015 at 12:18 PM, Schalk Neethling
> <sneet...@mozilla.com <mailto:sneet...@mozilla.com>>
> wrote:
>
> > As long as it does not do a 'if in workday' pass or else you shall not
> > pass :)
> >
> > Geo contractors are not in Workday.
> >
> > On Mon, Nov 23, 2015 at 6:47 PM, Peter Bengtsson
> > <pbeng...@mozilla.com <mailto:pbeng...@mozilla.com>>
> > wrote:
> >
> >> Suppose you use Persona to auth people to your site. Given that someone
> >> manages to log in with a @mozilla.com <http://mozilla.com> (or
> >> foundation or mozilla-jp) they've proven they're active staff.
> >> If they leave the company, most likely their access to your site, under a
> >> staff email address, should cease. E.g. logging in to Air Mozilla to see
> >> staff live events. Persona took care of that as each new session got
> >> checked against the provider (e.g. mozilla.com <http://mozilla.com>).
> >>
> >> If we switch to FxA we lose this automatic check that Persona used to do.
> >> You OAuth sign in a user and set her cookie to last X weeks and she'll be
> >> signed in for X weeks. How do you kill that session cookie if she no
> >> longer has ability to check email to her @mozilla.com
> >> <http://mozilla.com> address?
> >>
> >> Is there already an established solution for this?
> >>
> >> If not, I'd be up for writing a central solution for talking to our
> >> ldap.mozilla.org <http://ldap.mozilla.org> (which is a derivative of
> >> Workday).
> >> We can either stand up a service that your server can query or we can
> >> stand up a service that can webhook-post to you.
> >> What do you think?
> >>
> >>
> >> --
> >> Peter Bengtsson
> >> Mozilla Web Engineering
> >> _______________________________________________
> >> dev-webdev mailing list
> >> dev-w...@lists.mozilla.org <mailto:dev-w...@lists.mozilla.org>
> --
> Peter Bengtsson
> Mozilla Web Engineering
> _______________________________________________
> dev-webdev mailing list
> dev-w...@lists.mozilla.org <mailto:dev-w...@lists.mozilla.org>
> https://lists.mozilla.org/listinfo/dev-webdev
>
> _______________________________________________
> Dev-fxacct mailing list
> Dev-f...@mozilla.org
> https://mail.mozilla.org/listinfo/dev-fxacct
>
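
Added example, not part of the original thread or any Mozilla code: a sketch of the two options floated in the quoted proposal, a relying site that re-checks staff status on a long-lived session (query model) and drops sessions when a deprovision event is pushed to it (webhook model). The `is_active_staff` callable, the 15-minute interval, and the in-memory session store are assumptions made for illustration.

```python
import time

RECHECK_SECONDS = 15 * 60  # assumed policy: re-verify staff status every 15 min


class DirectoryUnavailable(Exception):
    """Raised by the (hypothetical) directory lookup when it cannot answer."""


class StaffSessionGate:
    """Re-validates long-lived sessions against a staff directory.

    `is_active_staff(email) -> bool` is a hypothetical callable standing in
    for the central LDAP-backed service proposed in the thread.
    """

    def __init__(self, is_active_staff, clock=time.time):
        self.is_active_staff = is_active_staff
        self.clock = clock
        self.sessions = {}  # session_id -> {"email": ..., "checked_at": ...}

    def login(self, session_id, email):
        # Called after OAuth sign-in succeeds; the sign-in counts as a check.
        self.sessions[session_id] = {"email": email, "checked_at": self.clock()}

    def allow(self, session_id):
        """Return True if the request may proceed."""
        session = self.sessions.get(session_id)
        if session is None:
            return False
        if self.clock() - session["checked_at"] < RECHECK_SECONDS:
            return True  # recent check still valid, no directory round trip
        try:
            active = self.is_active_staff(session["email"])
        except DirectoryUnavailable:
            return False  # fail closed; session is kept and re-checked later
        if not active:
            del self.sessions[session_id]  # account gone: kill the session
            return False
        session["checked_at"] = self.clock()
        return True

    def revoke_email(self, email):
        """Webhook model: drop every session for a deprovisioned address."""
        doomed = [sid for sid, s in self.sessions.items() if s["email"] == email]
        for sid in doomed:
            del self.sessions[sid]
        return len(doomed)
```

The cookie lifetime then only bounds how long a user goes without signing in again; the longest a departed account can keep access is the re-check interval, or less if the webhook fires first.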