[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libreoffice-documentation] Infra announce: Authenticating against gerrit using TDF's Single Sign-On system
- Subject: Re: [libreoffice-documentation] Infra announce: Authenticating against gerrit using TDF's Single Sign-On system
- From: "Luke (gmail)" <firstname.lastname@example.org>
- Date: Tue, 17 Sep 2019 15:57:42 +1000
- To: email@example.com
Not that my confusion is significant, but I just thought I'd mention I have no idea what gerrit is, have no gerrit account, and have no idea of the broader context of this message.
My confusion may relate to my single failed attempt to share some sample documentation by attaching a doc to a message to this list. I think that probably tells you just how much of a newbie I am. But there's also a chance it indicates it's not so easy to get the big picture of the processes one is supposed to follow, to contribute to this free documentation effort.
On 15/9/19 9:28 pm, Guilhem Moulin wrote:
Please visit https://user.documentfoundation.org/edit (use your Single
Sign-On credentials to authenticate — if you don't have an account there
then please create one) and check whether you have “Gerrit” in the
“Linked profiles” section. If not, then add the preferred email address
of your gerrit account  to the form above; a confirmation token will
then be delivered to that address, and “Gerrit” should appear in the
“Linked profiles” section after confirmation.
About 68% of the gerrit accounts who uploaded a patch set in the past 30
days are known to the Single Sign-On system. These accounts can use TDF's
new OAuth2 IdP at https://gerrit.libreoffice.org/login/ i.e., authenticate
through The Document Foundation's Single Sign-On system.
Unfortunately, due to the way the OAuth2 plugin work, if you try a new IdP
that is not linked to your existing gerrit account, then a *brand new*
account is created. (This is no different than for other providers like
GitHub or Google.) If that happens, then please *do not* start using the
new account, instead ask us to merge them ASAP at firstname.lastname@example.org
(or on IRC at #tdf-infra). While merging a fresh account is painless, the
logic is more brittle (there is risk of breaking referential integrity) if
they're both actively used, so again please poke us ASAP.
In the not too distant future, TDF's OAuth2 IdP will become the *only* way
to authenticate against our gerrit instance: authenticating using other
OAuth2 or OpenID providers will no longer be possible. We're unable to
give a precise ETA right now, as we need a higher ratio of patchsets
authors in SSO, but that will definitely be *in 2019*. Later this week
we'll individually poke all recent patchsets authors that are still
unknown from our Single Sign-On system. Once we deprecate other OAuth2
and OpenID providers, gerrit accounts that are still missing from SSO will
be effectively *locked out* until an infra team member manually tie them
up to the relevant LDAP DIT entry.
FWIW finalizing the migration to TDF's OAuth2 IdP is a prerequisite for
upgrading gerrit to more recent versions (with shiny new Web UI, ed25519
SSH key support, CodeMirror editor plugin, and more ).
To unsubscribe e-mail to: email@example.com
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/documentation/
|Re: [libreoffice-documentation] Infra announce: Authenticating against gerrit using TDF's Single Sign-On system||Olivier Hallot <firstname.lastname@example.org>|
|Re: [libreoffice-documentation] Infra announce: Authenticating against gerrit using TDF's Single Sign-On email@example.com|
|[libreoffice-documentation] Infra announce: Authenticating against gerrit using TDF's Single Sign-On system||Guilhem Moulin <firstname.lastname@example.org>|
- Prev by Date: Re: [libreoffice-documentation] Calc Guide, Chapter 10, Linking Calc Data
- Next by Date: Re: [libreoffice-documentation] Infra announce: Authenticating against gerrit using TDF's Single Sign-On system
- Previous by thread: [libreoffice-documentation] Infra announce: Authenticating against gerrit using TDF's Single Sign-On system
- Next by thread: Re: [libreoffice-documentation] Infra announce: Authenticating against gerrit using TDF's Single Sign-On system