stopthessotax / sso-wall-of-shame

A list of vendors that treat single sign-on as a luxury feature, not a core security requirement. This is a fork of robchahin/sso-wall-of-shame (sso.tax)
https://stopthesso.tax/
31 stars 19 forks

Add Sensu to SSO wall of shame #71

Closed 1davidmichael closed 5 months ago

1davidmichael commented 9 months ago

Sensu only supports SSO for paid tiers, even when self-hosting. See here for details.

doransmestad commented 5 months ago

Thank you for the submission @1davidmichael - apologies for my delay in writing you back. This is an interesting case that made me sit back and think for a bit. I'm planning to accept this PR and add Sensu to the list, but it made me realize we probably need to add some extra expectations in that relate to open source projects.

My thinking is that if an open source project does not support SSO or any authentication at all, that's okay. If they do choose to support authentication, but just haven't yet built out SSO but are open to contribution, that's also okay too (i.e. they would not go on this list).

However - if the open source project decides to allow auth (e.g. basic auth), AND they gate SSO behind commercial terms, AND they are unwilling to accept open source contributions for open source SSO, then they should be on this list.

As far as I can tell Sensu does fall into this latter category, so I'll approve and merge this in. Thanks for raising this one up!