Open jenlampton opened 7 years ago
jenlampton
commented
5 years ago I'm seeing lots of these errors in the logs:
Deprecated function: Function mcrypt_generic_init() is deprecated in bakery_encrypt() (line 1690 of bakery/bakery.module).I've applied the patch from the Bakery queue: https://github.com/backdrop-contrib/bakery/issues/8 https://github.com/backdrop-contrib/bakery/pull/9.patch
jenlampton
commented
4 years ago reopening since this has never worked smoothly, and needs to be revisited.
oadaeh
commented
2 years ago Since it's been 2+ years since the last assignment, I would like to see if I can figure this out. I suspect it might require that I have greater access to the main infrastructure and/or set up a local copy of the infrastructure.
What are the next steps?
And what issues are related, to make sure as many scenarios are covered/tested as possible? I see:
stpaultim
commented
2 years ago @oadaeh - I don't know if you are aware, but this issue has been mentioned during dev meetings a few times and @quicksketch has suggested that Bakery module MIGHT not be the best solution anymore and that we might want to look at a different solution.
I don't believe that any decision was made in this regard, but the suggestion has been made.
I suspect, that if we could get Bakery module working quickly, that would be ok. But, my read of the discussion was that we might not want to spend a lot of time on the Bakery module given other alternatives that are now available.
I can't speak to what those alternatives are, someone else would have to do that.
jenlampton
commented
2 years ago I actually disagree with @quicksketch on this one. We have a whole community of people who are capable of helping with Bakery module, and very few people who are both interested and able to help with integrating other systems (let alone evaluating them). I think it's worthwhile to at least evaluate how close we are with bakery. IIRC we had it enabled for docs and www and it was almost working, so it might not take much to get it over the finish line.
quicksketch
commented
2 years ago My preference would be to leverage an authentication system based on SAML, the most common standard for SSO. Wikipedia lists over 100 products that can act as a SAML server, including 20 Open-Source options, some of which have been floated intermittently like Keycloak, CAS, and SimpleSAMLphp.
The benefits of using SAML vs our own custom Bakery include:
The downsides:
From what I can tell in research, of the options I think Keycloak is the most promising Identity Server. Then our various *.backdropcms.org sites could authenticate through it (for example using https://github.com/backdrop-contrib/hybridauth)
But overall, I'm willing to concede to using Bakery anyway -- if only because it's potentially very close, and we haven't even started looking at a SAML-based approach.
yorkshire-pudding
commented
2 years ago One other factor to take into consideration is that getting the Bakery module working would support lots of sites where they have a need to share logins across multiple mini-sites whereas implementing a SAML system that sits outside the familiarity of PHP/MySQL will be unlikely to benefit many, if any, Backdrop sites
oadaeh
commented
2 years ago Okay. Thanks for all that information, but my question wasn't answered: What are the next steps?
Maybe also renaming the issue so that it states the intention of getting SSO working across *.backdropcms.org sites, without including a possible solution in the title, might be a good thing.
jenlampton
commented
2 years ago This issue is about Bakery, if we want to evaluate other things, that should be another issue.
Next steps for Bakery would be turning it on on 2 dev environments, and testing to find out where the problems are. Then investigating how much work to fix them.
On Sat, Mar 12, 2022, 6:40 AM Jason Flatt @.***> wrote:
Okay. Thanks for all that information, but my question wasn't answered: What are the next steps?
Maybe also renaming the issue so that it states the intention of getting SSO working across *.backdropcms.org sites, without including a possible solution in the title, might be a good thing.
— Reply to this email directly, view it on GitHub https://github.com/backdrop-ops/backdropcms.org/issues/332#issuecomment-1065894691, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADBERYZK35HTUPK6755H6LU7SUFBANCNFSM4C5C3HEQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were assigned.Message ID: @.***>
We want to have one master set of user account data. This will include email address, username, and password, but also all other profile data collected on bacldropcms.org.
Users should be able to log-in, using this same username/email/pw combo on any of the backdropcms.org sites, including:
UPDATE: many people were having problems with the bakery module, so it was disabled on all backdrop sites. We should investigate the issues, and attempt to resolve them.