Firstyear
@yaleman The big question is about some of the CA tests, I don't think the CA is a public interface, so we don't need the key size checks. If anything...
> I don't think it's wrong to ensure that Kanidm's handling of _any_ library results in the minimum standards we expect, but the code that **_creates_** the keys can go...
This won't be capabilities that *you* the admin get to assign, it's capabilities internally that *we* assign to each role type to make it easier for us in future to...
Yes, but unlike LDAP, SAML has huge security risks associated with it in both the implementation and clients. So I want to avoid this *as much as possible* and even...
Because SAML isn't good :)
The tokens will have to be there, else Kanidm wouldn't accept them. api-tokens don't validate unless the server side info is present. More likely this is an access control thing,...
I'd rather it be a proper error than a panic though.
I actually think currently we don't have a way to issue oauth2 sessions for service accounts do we? So we actually need a way to do this first.
The better question is, what are you trying to achieve? That way we can understand how we can design a solution that would work for you.
I think there is already an open issue for service accounts to be able to have oauth2 tokens issued to them, but it's not going to be soon that we...