Need to be able to blacklist a site from using us as an OpenID provider

Bug #676588 reported by Tom Haddon
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical SSO provider

Bug Description

Since we're getting close to opening up so that any site can authenticate against it, we need a means of being able to blacklist a site in case we find sites that are flooding us/overwhelming us with auth requests.

Tom Haddon (mthaddon)
tags: added: canonical-losa-isd
Revision history for this message
Stuart Metcalfe (stuartmetcalfe) wrote :

For the initial release, we're happy to turn the restriction on again if we see problems (we'll keep the sso_restrict_rp setting available for a while). This should be fairly low-traffic at first and we're not planning on announcing anything immediately. I've tagged this with proj-openit to include it in the list of tasks which must be complete before we can consider the general openid service completed.

Changed in canonical-identity-provider:
status: New → Confirmed
importance: Undecided → High
tags: added: proj-openit
Revision history for this message
Stuart Metcalfe (stuartmetcalfe) wrote :

We should consider reusing the rpconfig table for this, effectively merging whitelisting and blacklisting activities into one admin area. A few admin improvements to make it easier to see status at a glance and, potentially bulk-manage permissions may also be useful

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Related blueprints

Remote bug watches

Bug watches keep track of this bug in other bug trackers.