sso
sso copied to clipboard
buzzfeed
sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services
**Is your feature request related to a problem? Please describe.** The public key-based request signing functionality added to sso_proxy in https://github.com/buzzfeed/sso/pull/106 is undocumented. In particular, it's not immediately obvious how...
**Is your feature request related to a problem? Please describe.** I saw a couple available environment variables with only a small description about what they are good for. One doesn't...
**Is your feature request related to a problem? Please describe.** Storing sensitive configuration in an environment variables is not considered as best practices. **Describe the solution you'd like** Allow reading...
**Is your feature request related to a problem? Please describe.** ability to force redirect HTTP to HTTPS **Describe the solution you'd like** oauth2_proxy was going to implement here: https://github.com/bitly/oauth2_proxy/pull/324 **Describe...
**Is your feature request related to a problem? Please describe.** Yes, we recently had a production issue with `sso_proxy` in which it was 5xx'ing and it was not immediately apparent...
**Is your feature request related to a problem? Please describe.** It would be great to have Prometheus metrics for better visibility into the behaviour and performance of `sso`. **Describe the...
As pointed out in #125, there are many places where it is hard to debug especially around validation of groups. We should make sure we have thorough logging throughout. An...
**Describe the bug** When using google groups to authorize users for certain upstream services , if a user outside the google group try to login , it gets "Permission denied"...
**Is your feature request related to a problem? Please describe.** Let's say I have three Kubernetes Clusters, A, B and C. I have services I want to protect on all...
Azure AD has massive tokens. It's obnoxious and unnecessary, but Microsoft isn't going to change this. Cookie compression helps, and cookie spanning solves most of the rest of the problem,...
