Gilles Filippini wrote on 21/05/2020 at 15:20:
Gilles Filippini wrote on 21/05/2020 at 10:47:
Hi,
As I understand it the OpenID authentication mode available in Mailman3 refers to the now deprecated version 2.0 of the protocol. Am I correct?
Is there any ongoing work to bring support for OpenID Connect?
Well... The answer looks like "no" [1].
Thanks to the django framework I've had some success adding the mozilla-django-oidc module [1].
[1] https://mozilla-django-oidc.readthedocs.io/en/stable/
The login part works very well with our SSO (LemonLDAP::NG), but the logout part - when issued from the SSO portal - is way more tricky, because it seems that the django logout scheme allows POST requests only, while our SSO issues GET requests to the relying parties' logout endpoints.
These GET requests trigger the HTTP 405 error. I've tried using this nginx snippet on our reverse proxy side to force the POST method:
    location /oidc/logout/ {
        proxy_method POST;
        proxy_pass http://my.mailman;
    }
But then it fails with error 403.
Any idea how I could solve this problem?
Thanks,
_g.