Successor of the Debian SSO Service
Description of the project
Goal of the project is to design and develop a solution (or enhance the existing sso.d.o) to allow us (Debian) to use it as our project wide SSO solution for projects like nm.d.o, salsa.d.o, paste.d.n and hopefully a lot of others. It should be able to get users from (ud)ldap and another backend. It should also allow creating and selfservice for guest users and DMs. Those users belong into their own backend and should be suffixed with -guest. The current Debian SSO lacks some features that are needed with modern services:
- No Backend for Guests and DMs: currently Debian SSO is using alioth and udldap (the debian internal usermanagement) as backend. Alioth will vanish soon, which means we are lacking a proper backend.
- No self service - since there isn't a backend users aren't able to update their profile, passwords and maybe even SSH Keys
- Lacking support for Oauth2 and/or SAML - most services support one of those two protocols. It would be great to have support at least oauth2
Confirmed Mentor
- Alexander Wirt
How to contact the mentor
- IRC: formorer@oftc
E-Mail: formorer@debian.org
Confirmed co-mentors
- enrico offered to answer questions
- Nicolas Mora
Desirable skills
- Python or Ruby (web)development experience
What the intern will learn
- How to design, evaluate, develop and (hopefully) deploy a crucial service for such a big project like Debian
Application tasks
- Learn about the current solutions ud-ldap and sso.debian.org
- Evaluate existing solutions
- Design a new architecture
- Announce the architecture
- Develop the solution
- Deploy the solution