🎓 Doc Freemo :jpf: 🇳🇱: "@vwbusguy@mastodon.online When i started this I…"

@freemo @oliof SSO is the Identity Provider (IdP) and LDAP is the Data Store layer, managed by an Identity Manager (IDM). LDAP shouldn't be exposed publicly, but SSO and key servers with data sources managed by an IDM are.

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Oct 31, 2022, 18:32

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Oct 31, 2022, 18:32

Oct 31, 2022, 18:32

So what software represents the IDM here?

@oliof@octodon.social

**Scott Williams 🐧** @vwbusguy@mastodon.online · Oct 31, 2022, 18:34

**Scott Williams 🐧** @vwbusguy@mastodon.online · Oct 31, 2022, 18:34

Oct 31, 2022, 18:34

@freemo @oliof FreeIPA is a good one:

https://www.freeipa.org

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Oct 31, 2022, 18:35

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Oct 31, 2022, 18:35

Oct 31, 2022, 18:35

Can you give me a breakdown in your mind of what software fills all the roles in an open source company... Who is the IDM, the identity provider, what software does the SSO, the LDAP, etc... specifically solutions that would work well with open pgp...

Checking out free ipa now.

@oliof@octodon.social

**Scott Williams 🐧** @vwbusguy@mastodon.online · Oct 31, 2022, 18:38

**Scott Williams 🐧** @vwbusguy@mastodon.online · Oct 31, 2022, 18:38

Oct 31, 2022, 18:38

@freemo @oliof That really depends on your org. Last place where I was the Identity Architect, the IDM was internally built. The LDAP was a mix of OpenLDAP and Active Directory that was managed by that IDM tool and Grouper, from common sources. The Identity Provider for SSO was handled by both Apereo CAS and TIER's Shibboleth, and LDAP was also the authentication and authorization source for sssd logins, sudo, etc.

**Scott Williams 🐧** @vwbusguy@mastodon.online · Oct 31, 2022, 18:38

**Scott Williams 🐧** @vwbusguy@mastodon.online · Oct 31, 2022, 18:38

Oct 31, 2022, 18:38

https://www.socallinuxexpo.org/scale12x/presentations/cas-and-shibboleth-open-source-your-identity

@freemo @oliof Many, many years ago (and multiple employers ago), I gave a talk on this at the So Cal Linux Expo:

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Oct 31, 2022, 18:40

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Oct 31, 2022, 18:40

Oct 31, 2022, 18:40

Thanks, all very helpful. I will be rethinking my original plan which was admitidly much simpler.

@oliof@octodon.social

**Scott Williams 🐧** @vwbusguy@mastodon.online · Oct 31, 2022, 18:43

**Scott Williams 🐧** @vwbusguy@mastodon.online · Oct 31, 2022, 18:43

Oct 31, 2022, 18:43

@freemo @oliof Much simpler might be better. I was managing identity for an org with hundreds of thousands of entities. If that's not where you're at, you might not need something as elaborate, but the concepts are still helpful to understand so you'll have an idea of how to eventually grow and scale your stack.

**Scott Williams 🐧** @vwbusguy@mastodon.online · Oct 31, 2022, 18:46

**Scott Williams 🐧** @vwbusguy@mastodon.online · Oct 31, 2022, 18:46

Oct 31, 2022, 18:46

@freemo @oliof One thing I will say is that identity is pretty much always way more complicated to manage than most people imagine it is. A ton of stuff goes into that simple Single Sign On that end users (rightfully) entirely take for granted.

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · 2022-10-31T18:47:40Z