cblgh
commented
7 months ago @bhartshorn thank you for your thoughtfully written issue! i really appreciate when people take the time to understand a project and what may or may not be a suitable addition 🖤
let me look into the links you reference regarding enabling an authentication proxy and i'll get back to you! my initial reaction is that if it is a matter of handling a set of http headers to support such a usecase then it feels like a very reasonable tradeoff and addition c:
how do you see this working for your hackerspace usecase: would you be operating an oauth proxy? or is it already taken care of for the SSO provider you already have?
bhartshorn
decentral1se
Hello! I'm a merveillesian looking to use cerca for a makerspace organization. I installed phpBB and was almost immediately disturbed by the clunkiness and complexity of the admin interface. I think FluxBB is closest to what I want, but it's definitely not a workable solution anymore. I would rather err on the side of too simple, thus cerca!
I'm trying to keep all the IT services behind SSO so folks don't have to keep track of multiple logins. For example right now, I have Dokuwiki and Nextcloud authenticating against Keycloak.
I wouldn't propose adding OIDC or SAML support, that's way beyond the complexity of this project. BUT, there are ways to handle the authentication using a proxy in front of cerca:
My understanding is that the proxy adds some HTTP headers specifying whether the user is authenticated and if so, some identification info. I don't know all the intricacies, but it seems cerca would "just" need to catch the headers and correlate with a user account (creating a new one if necessary).
Would this be a reasonable feature? It could actually be useful for the merveilles community, allowing a proxy to check membership on the Masto instance instead of manually confirming accounts, etc.