[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libreoffice-documentation] Infra announce: Authenticating against gerrit using TDF's Single Sign-On system


Not that my confusion is significant, but I just thought I'd mention I have no idea what gerrit is, have no gerrit account, and have no idea of the broader context of this message.

My confusion may relate to my single failed attempt to share some sample documentation by attaching a doc to a message to this list. I think that probably tells you just how much of a newbie I am. But there's also a chance it indicates it's not so easy to get the big picture of the processes one is supposed to follow, to contribute to this free documentation effort.

luke

On 15/9/19 9:28 pm, Guilhem Moulin wrote:
Dear developers,

Please visit https://user.documentfoundation.org/edit (use your Single
Sign-On credentials to authenticate — if you don't have an account there
then please create one) and check whether you have “Gerrit” in the
“Linked profiles” section. If not, then add the preferred email address
of your gerrit account [0] to the form above; a confirmation token will
then be delivered to that address, and “Gerrit” should appear in the
“Linked profiles” section after confirmation.

About 68% of the gerrit accounts who uploaded a patch set in the past 30
days are known to the Single Sign-On system. These accounts can use TDF's
new OAuth2 IdP at https://gerrit.libreoffice.org/login/ i.e., authenticate
through The Document Foundation's Single Sign-On system.

Unfortunately, due to the way the OAuth2 plugin work, if you try a new IdP
that is not linked to your existing gerrit account, then a *brand new*
account is created. (This is no different than for other providers like
GitHub or Google.) If that happens, then please *do not* start using the
new account, instead ask us to merge them ASAP at hostmaster@documentfoundation.org
(or on IRC at #tdf-infra). While merging a fresh account is painless, the
logic is more brittle (there is risk of breaking referential integrity) if
they're both actively used, so again please poke us ASAP.

In the not too distant future, TDF's OAuth2 IdP will become the *only* way
to authenticate against our gerrit instance: authenticating using other
OAuth2 or OpenID providers will no longer be possible. We're unable to
give a precise ETA right now, as we need a higher ratio of patchsets
authors in SSO, but that will definitely be *in 2019*. Later this week
we'll individually poke all recent patchsets authors that are still
unknown from our Single Sign-On system. Once we deprecate other OAuth2
and OpenID providers, gerrit accounts that are still missing from SSO will
be effectively *locked out* until an infra team member manually tie them
up to the relevant LDAP DIT entry.

FWIW finalizing the migration to TDF's OAuth2 IdP is a prerequisite for
upgrading gerrit to more recent versions (with shiny new Web UI, ed25519
SSH key support, CodeMirror editor plugin, and more [1]).



--
To unsubscribe e-mail to: documentation+unsubscribe@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/documentation/
Privacy Policy: https://www.documentfoundation.org/privacy

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.