Need to be able to blacklist a site from using us as an OpenID provider

Bug #676588 reported by Tom Haddon on 2010-11-17
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical SSO provider
High
Unassigned

Bug Description

Since we're getting close to opening up login.ubuntu.com so that any site can authenticate against it, we need a means of being able to blacklist a site in case we find sites that are flooding us/overwhelming us with auth requests.

Tom Haddon (mthaddon) on 2010-11-17
tags: added: canonical-losa-isd

For the initial release, we're happy to turn the restriction on again if we see problems (we'll keep the sso_restrict_rp setting available for a while). This should be fairly low-traffic at first and we're not planning on announcing anything immediately. I've tagged this with proj-openit to include it in the list of tasks which must be complete before we can consider the general openid service completed.

Changed in canonical-identity-provider:
status: New → Confirmed
importance: Undecided → High
tags: added: proj-openit

We should consider reusing the rpconfig table for this, effectively merging whitelisting and blacklisting activities into one admin area. A few admin improvements to make it easier to see status at a glance and, potentially bulk-manage permissions may also be useful

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints