FAQ¶
How to configure Pasee to use my LDAP server?¶
Setup an instance of Kisee
to use it (not implemented yet), and add
this Kisee
instance in the identity_providers
of your Pasee
instance.
In your Kisee backend you could even expose groups or any
meta-informations stored in your LDAP server as JWT claims. Those
claims have to be whitelisted in Pasee
configuration to be kept in
Pasee
-signed tokens (By default, we only trust identities, from
identities backends).
Why a Kisee
identity backend settings uses an array of public keys?¶
To help you rotate a Kisee
private key by allowing both during the
transition.
Can Pasee expose an OAuth2 or OpenID endpoint?¶
Yes, feel free to implement it, see current Twitter
and
Facebook
implementations.
Can Pasee use multiple instances of Kisee
to hit different identity sources?¶
Yes, but a single one can handle registrations from Pasee. If you want
to let your user choose on which Kisee
instance they’re
registering, use the Kisee
API directly for registration instead
of passing registrations thrue Pasee
.
I don’t get it, why do I need a private key on Kisee
and another on Pasee
?¶
Pasee
can use multiple identity providers (OAuth2, OpenID connect,
Pasee
instances), and will even work without a Kisee
backend. As a Kisee
have to sign tokens, and a Pasee
have to
sign tokens too, they both need a private key. You could use the same
private key on every Kisee
and Pasee
instances, it won’t break
the implementation. You can obviously use different ones too.