idiosync - User database synchronizer
Enterprise Single Sign-On (SSO) allows an organisation to maintain a single centralised database of users. Each user can then log in to all of the organisation’s services using the same username and password.
For example: a user may first attempt to access an internal wiki page. The user is redirected to the authentication server, where she enters her username and password, and is then redirected back to view the wiki page. The user subsequently attempts to access a webmail server, which recognises the existing authentication and allows immediate access to the mailbox without a second password prompt.
Overview
idiosync can be used to synchronize user and group definitions from a central user database (such as FreeIPA or Active Directory) into the databases used by individual applications (such as MediaWiki or Request Tracker). idiosync ensures that changes in the central user database are immediately reflected in the individual application databases. For example:
- When a new user is created in the central user database, a corresponding user will automatically be created in the application user database.
- When a user is renamed in the central user database, the corresponding user in the application database will automatically be renamed.
- When a user is added to a group in the central user database, the corresponding user in the application database will automatically be added to the corresponding group.
- When a user is disabled in the central user database, the corresponding user in the application database will automatically be disabled.
All of these changes are reflected immediately. Unlike other synchronization mechanisms, idiosync does not delay changes until the user next logs in to the application.
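The four changes listed above, expressed as a one-way reconciliation from the central database to an application database. This is an added example, not idiosync's own code; the Entry type, the immutable key used to match a user across a rename, the removal of stale group memberships, and the disabling of accounts missing from the central database are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    key: str            # hypothetical immutable ID (e.g. a directory UUID)
    name: str
    enabled: bool = True
    groups: set = field(default_factory=set)

def sync(central, app):
    """Make `app` (key -> Entry) match `central`; return the changes applied."""
    changes = []
    for key, src in central.items():
        dst = app.get(key)
        if dst is None:
            app[key] = Entry(key, src.name, src.enabled, set(src.groups))
            changes.append(("create", src.name))
            continue
        if dst.name != src.name:      # matched by key, so a rename is not a new user
            changes.append(("rename", dst.name, src.name))
            dst.name = src.name
        for verb, diff in (("add-to-group", src.groups - dst.groups),
                           ("remove-from-group", dst.groups - src.groups)):
            changes += [(verb, src.name, group) for group in sorted(diff)]
        dst.groups = set(src.groups)
        if dst.enabled != src.enabled:
            changes.append(("enable" if src.enabled else "disable", src.name))
            dst.enabled = src.enabled
    # Assumption: an account absent from the central database is disabled, not deleted.
    for key, dst in app.items():
        if key not in central and dst.enabled:
            dst.enabled = False
            changes.append(("disable", dst.name))
    return changes

def sample():  # constructed sample data: (central, app) before synchronization
    central = {e.key: e for e in (
        Entry("u1", "alice", True, {"staff", "wiki-admins"}),
        Entry("u2", "bob-smith", True, {"staff"}),
        Entry("u3", "carol", False, {"staff"}),
        Entry("u4", "dave", True, {"staff"}),
    )}
    app = {e.key: e for e in (
        Entry("u1", "alice", True, {"staff"}),
        Entry("u2", "bob", True, {"staff"}),
        Entry("u3", "carol", True, {"staff"}),
        Entry("u9", "erin", True, {"staff"}),
    )}
    return central, app
```

Calling `sync(*sample())` returns one change per difference, and a second run over the same data returns an empty list, which is a useful check that a synchronizer has converged.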
Authentication
idiosync is intended to work in conjunction with an authentication mechanism such as Kerberos, SAML, or OpenID Connect. idiosync is solely responsible for ensuring that the application database includes correct definitions for all of the relevant users and groups, and the authentication mechanism is solely responsible for verifying the users’ credentials.