Page MenuHomeLubuntu

Ubuntu SSO for Phab
Open, NormalPublic

Description

Come on, it only makes sense, if we're going to have SSO at all.

Event Timeline

wxl created this task.Nov 28 2017, 2:26 PM
wxl created this object in space S1 Public.
wxl moved this task from New to Blocked on the Meta board.Nov 28 2017, 2:44 PM

Supposedly the contact for Ubuntu One (login.ubuntu.com) is isd-support@canonical.com. Just dropped them an email.

wxl moved this task from Blocked to in progress on the Meta board.Nov 28 2017, 3:07 PM
wxl added a comment.Nov 28 2017, 3:09 PM

Here's the response:

Ubuntu SSO is an openid identity provider (see for example askubuntu.com where you can use Launchpad as your identity). If Phabricator supports openid, you could use that to integrate easily.

It unfortunately doesn't support LDAP, and only supports OAuth 1.

Feel free to bzr branch lp:canonical-identity-provider and check out docs/resources/token.txt for info on how to get oauth tokens. This is, for example, the authentication mechanism old versions of Ubuntu Software Center used. Be warned that oauth support might go away in the future though.

You can also file a bug at https://bugs.launchpad.net/canonical-identity-provider/ to get it to the wider attention of SSO developers, because this address is mainly for login issues and as such, the visibility and help I can provide are limited.

I'll look more into this.

wxl added a comment.Nov 28 2017, 4:32 PM

Here's the Discourse plugin and it is indeed using OpenID.

wxl added a comment.Dec 5 2017, 10:39 AM

Unfortunately it looks like the request for OpenID auth was denied but I'll see if I can find some more information as that's a little old.

wxl added a comment.Dec 5 2017, 11:05 AM

Dropped a message on the Phabricator community support forum (which, in an example of poor dogfooding, is not Phabricator but Discourse). Hopefully someone will have some sort of solution.

tsimonq2 moved this task from in progress to Blocked on the Meta board.Dec 8 2017, 8:33 AM
tsimonq2 raised the priority of this task from Wishlist to Normal.
tsimonq2 added subscribers: Meta, tsimonq2.

It is open source after all... You might be able to write a plugin for our instance and make it a Git submodule that you put on GitHub somewhere...

Would you be open to writing that code?

wxl added a comment.Dec 19 2017, 9:39 AM

OAuth1 is the way to go: it's supported by Phabricator (see Twitter, BitBucket, JIRA providers) and Ubuntu SSO (though they don't guarantee they won't drop it).

Made a Google Code-In task to try to get this solved. It's a doozy so I'm not sure we're going to get it done. That said, here's the basics:

OAuth1 is the way to go: it's supported by Phabricator (see Twitter, BitBucket, JIRA providers) and Ubuntu SSO (though they don't guarantee they won't drop it).

Fine by me.

Made a Google Code-In task to try to get this solved. It's a doozy so I'm not sure we're going to get it done.

Bah, I've made complex packaging guide tasks, there's a few students who like this stuff enough that they'll fight through it (go them!). ๐Ÿ˜„

That said, here's the basics:

generating Ubuntu SSO OAuth1 tokens
generic Phabricator OAuth1 provider (go up one folder and you'll see all the providers including the aforementioned ones that already use OAuth1)

Added this page to the GCI task, as a bonus thing. ๐Ÿ˜„

tsimonq2 moved this task from Blocked to New on the Meta board.May 16 2018, 2:47 PM
wxl added a comment.May 17 2018, 12:48 AM

Since we didn't have any takers, you got any other ideas @tsimonq2 ?

tsimonq2 claimed this task.May 17 2018, 8:02 AM

If you want to follow through with this until the end, that's absolutely fine by me, otherwise I can look at working on it (our Phab deployment is just a Git repo after all).

It would also be fairly far down on my TODO list, so if you have the time for it sooner than I do, feel free to steal it.

Bump, now that we have GCI again. ๐Ÿ˜›