Need to be able to blacklist a site from using us as an OpenID provider

Bug #676588 reported by Tom Haddon
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical SSO provider

Bug Description

Since we're getting close to opening up so that any site can authenticate against it, we need a means of being able to blacklist a site in case we find sites that are flooding us/overwhelming us with auth requests.

Tom Haddon (mthaddon)
tags: added: canonical-losa-isd
Revision history for this message
Stuart Metcalfe (stuartmetcalfe) wrote :

For the initial release, we're happy to turn the restriction on again if we see problems (we'll keep the sso_restrict_rp setting available for a while). This should be fairly low-traffic at first and we're not planning on announcing anything immediately. I've tagged this with proj-openit to include it in the list of tasks which must be complete before we can consider the general openid service completed.

Changed in canonical-identity-provider:
status: New → Confirmed
importance: Undecided → High
tags: added: proj-openit
Revision history for this message
Stuart Metcalfe (stuartmetcalfe) wrote :

We should consider reusing the rpconfig table for this, effectively merging whitelisting and blacklisting activities into one admin area. A few admin improvements to make it easier to see status at a glance and, potentially bulk-manage permissions may also be useful

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Related blueprints