FSFE Community Database Authentication Server https://id.fsfe.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Reinhard Mueller 7b5e3b4b2f Change handling of oic log messages 1 day ago
fsfe_cd_auth Change handling of oic log messages 1 day ago
swagger_docs Remove all code related to changing username and password 6 months ago
test Improve error handling 1 week ago
.dockerignore Change deployment to install as root and run as non-root 7 months ago
.drone.yml Remove unused configuration parameters 5 months ago
.env Remove unused configuration parameters 5 months ago
.gitignore Add .coverage to .gitignore 7 months ago
Dockerfile Add and update license headers 6 months ago
LICENSE Add and update license headers 6 months ago
MANIFEST.in Change name of Python module to fsfe_cd_auth for consistency 7 months ago
Makefile Add and update license headers 6 months ago
Pipfile Introduce rate limits as an anti-spam measure 6 months ago
Pipfile.lock Introduce rate limits as an anti-spam measure 6 months ago
README.md Remove unused configuration parameters 5 months ago
playbook.yml Clean up and improve logging 1 week ago
setup.cfg Don't be afraid of pytest warnings :-) 6 months ago
setup.py Fix name of test directory after rename 6 months ago

README.md

FSFE Community Database Authentication Server

The OpenID Connect Provider for the FSFE Community Database, visible through https://id.fsfe.org/

Introduction

fsfe-cd-auth does e-mail and password verification of users, with connections to fsfe-cd-back and FSFE’s LDAP server. It authenticates users and provides a signed ticket in response, which can be used to access fsfe-cd-front.

Secrets

The following secrets are managed in drone:

ssh_key SSH private key to log into lund.fsfeurope.org Matching public key must be registered at lund.fsfeurope.org:/root/.ssh/authorized_keys
oidcp_password Password for basic authentication at https://id.fsfe.org Must match the secrets with the same name for fsfe-cd-back and fsfe-cd-front
jwt_secret Shared secret for signed JSON Web Tokens used for authentication Must match the secrets with the same name for fsfe-cd-back and fsfe-cd-front
client_salt Salt for the generation of Subject IDs Can be arbitarily assigned, but should remain constant over server rebuilds