buzzfeed/sso Docker Image Overview

buzzfeed/sso

自动构建

BuzzFeed's S.S. Octopus.

8 收藏0 次下载

🔒 更安全的专业镜像服务

镜像简介版本下载

🔒 更安全的专业镜像服务

sso

See our launch blog post for more information!

![CircleCI]([] ![MIT license]([] ![Docker Automated build]([***]

Please take the SSO Community Survey to let us know how we're doing, and to help us plan our roadmap!

sso — lovingly known as the S.S. Octopus or octoboi — is the authentication and authorization system BuzzFeed developed to provide a secure, single sign-on experience for access to the many internal web apps used by our employees.

It depends on Google as its authoritative OAuth2 provider, and authenticates users against a specific email domain. Further authorization based on Google Group membership can be required on a per-upstream basis.

The main idea behind sso is a "double OAuth2" flow, where sso-auth is the OAuth2 provider for sso-proxy and Google is the OAuth2 provider for sso-auth.

In a nutshell:

If a user visits an sso-proxy-protected service (foo.sso.example.com) and does not have a session cookie, they are redirected to sso-auth (sso-auth.example.com).
- If the user does not have a session cookie for sso-auth, they are prompted to log in via the usual Google OAuth2 flow, and then redirected back to sso-proxy where they will now be logged in (to foo.sso.example.com)
- If the user does have a session cookie for sso-auth (e.g. they have already logged into bar.sso.example.com), they are transparently redirected back to proxy where they will be logged in, without needing to go through the Google OAuth2 flow
sso-proxy transparently re-validates & refreshes the user's session with sso-auth

Installation

Prebuilt binary releases
Docker
go get github.com/buzzfeed/sso/cmd/...

Quickstart

Follow our Quickstart guide to spin up a local deployment of sso to get a feel for how it works!

Code of Conduct

Help us keep sso open and inclusive. Please read and follow our Code of Conduct.

Contributing

Contributions to sso are welcome! Please follow our contribution guideline.

Issues

Please file any issues you find in our issue tracker.

Security Vulns

If you come across any security vulnerabilities with the sso repo or software, please email ***. In your email, please request access to our bug bounty program so we can compensate you for any valid issues reported.

Maintainers

sso is actively maintained by the BuzzFeed Infrastructure teams.

查看更多 sso 相关镜像 →

buzzfeed/sso-dev

BuzzFeed开发的认证授权系统，提供安全的单点登录体验，依赖Google作为OAuth2提供商，基于Google Group成员资格进行授权，通过sso-auth和sso-proxy的“双OAuth2”流程实现跨应用无缝登录。

1M+ pulls

上次更新：未知

轩辕镜像配置手册

探索更多轩辕镜像的使用方法，找到最适合您系统的配置方式

登录仓库拉取

通过 Docker 登录认证访问私有仓库

Linux

在 Linux 系统配置镜像服务

Windows/Mac

在 Docker Desktop 配置镜像

Docker Compose

Docker Compose 项目配置

K8s Containerd

Kubernetes 集群配置 Containerd

K3s

K3s 轻量级 Kubernetes 镜像加速

Dev Containers

VS Code Dev Containers 配置

MacOS OrbStack

MacOS OrbStack 容器配置

宝塔面板

在宝塔面板一键配置镜像

群晖

Synology 群晖 NAS 配置

飞牛

飞牛 fnOS 系统配置镜像

极空间

极空间 NAS 系统配置服务

爱快路由

爱快 iKuai 路由系统配置

绿联

绿联 NAS 系统配置镜像

威联通

QNAP 威联通 NAS 配置

Podman

Podman 容器引擎配置

Singularity/Apptainer

HPC 科学计算容器配置

其他仓库配置

ghcr、Quay、nvcr 等镜像仓库

专属域名拉取

无需登录使用专属域名

需要其他帮助？请查看我们的常见问题Docker 镜像访问常见问题解答或提交工单

镜像拉取常见问题

轩辕镜像免费版与专业版有什么区别？

免费版仅支持 Docker Hub 访问，不承诺可用性和速度；专业版支持更多镜像源，保证可用性和稳定速度，提供优先客服响应。

轩辕镜像支持哪些镜像仓库？

专业版支持 docker.io、gcr.io、ghcr.io、registry.k8s.io、nvcr.io、quay.io、mcr.microsoft.com、docker.elastic.co 等；免费版仅支持 docker.io。

流量耗尽错误提示

当返回 402 Payment Required 错误时，表示流量已耗尽，需要充值流量包以恢复服务。

410 错误问题

通常由 Docker 版本过低导致，需要升级到 20.x 或更高版本以支持 V2 协议。

manifest unknown 错误

先检查 Docker 版本，版本过低则升级；版本正常则验证镜像信息是否正确。

镜像拉取成功后，如何去掉轩辕镜像域名前缀？

使用 docker tag 命令为镜像打上新标签，去掉域名前缀，使镜像名称更简洁。

查看全部问题→

用户好评

来自真实用户的反馈，见证轩辕镜像的优质服务

oldzhang

运维工程师

Linux服务器

"Docker访问体验非常流畅，大镜像也能快速完成下载。"