Add Shibboleth/oauth2 with upgrade 2.x -> 3x

Hi eveyone.

I’m going to upgrade my indico from 2.x to 3.x, with 2.x I never use shibboleth or any SSO, mostly because when I install the indico I choose nginx.

Now because I will start from a fresh install, I’m thinking to bring shibboleth, and I would like to know what happen with old accounts, does indico will automatically merge accounts according to the email attribute ?

What happen if the shibboleth server are down ? Is that going to use LDAP (I still need that) ?


That depends on how you configure it. You can add multiple AUTH_PROVIDERS like Shibboleth/SAML (I suggest using SAML directly to avoid the need for Apache and all the Shibboleth bloat) and LDAP - in the login form the user can then either enter credentials directly or use the SSO option.

For existing accounts: If there’s a matching email, Indico will offer the user to link the SSO login to their existing account; no duplicate accounts are created so no merging is necessary.

Ok Thanks. Nice I can keep my puppet module (who use nginx) :wink:

Ok, but if the user choose to link the sso login to their existing account, can the user still authenticate against LDAP (or indico internal database) ?

Yes sure, that works fine.