Bug 1120016 - RFE: FAS-only authentication
Summary: RFE: FAS-only authentication
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Zanata
Classification: Retired
Component: Authentication-Fedora
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 3.4
Assignee: Carlos Munoz
QA Contact: Ding-Yi Chen
URL: https://github.com/zanata/zanata-serv...
Whiteboard:
Depends On:
Blocks: 1120032
TreeView+ depends on / blocked
 
Reported: 2014-07-16 05:10 UTC by Michelle Kim
Modified: 2014-10-23 04:11 UTC (History)
4 users (show)

Fixed In Version: 3.4.3-SNAPSHOT (git-jenkins-zanata-server-github-pull-requests-1814)
Doc Type: Bug Fix
Doc Text:
Story Points: 3
Clone Of:
Environment:
Last Closed: 2014-10-23 04:11:14 UTC


Attachments (Terms of Use)
Small login Button (8.19 KB, image/png)
2014-07-31 01:29 UTC, Ding-Yi Chen
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1098878 None None None Never
Red Hat Bugzilla 1101332 None None None Never
Red Hat Bugzilla 1120704 None None None Never

Internal Links: 1098878 1101332 1120704

Description Michelle Kim 2014-07-16 05:10:25 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Carlos Munoz 2014-07-22 04:16:05 UTC
To test this, the standalone.xml security configuration for Open Id should look like this (for fedora auth):
<security-domain name="zanata.openid">
     <authentication>
           <login-module code="org.zanata.security.OpenIdLoginModule" flag="required">
                 <module-option name="providerURL" value="http://id.fedoraproject.org/"/>
           </login-module>
      </authentication>
</security-domain>

The provider URL parameter may be changed to any url that accepts open id requests.

Other QA notes: Please check that the other authentication mechanisms (including multi open-id) have not been broken.

See also:
https://github.com/zanata/zanata-server/pull/535

Comment 2 Ding-Yi Chen 2014-07-31 00:32:50 UTC
New pull request: https://github.com/zanata/zanata-server/pull/536

Comment 3 Ding-Yi Chen 2014-07-31 01:29:07 UTC
Created attachment 922776 [details]
Small login Button

Tested with Zanata 3.4.3-SNAPSHOT (git-jenkins-zanata-server-github-pull-requests-1803) 

The login button is small and does not have any button text,
otherwise login is no problem.

Relative setting in my standalone.xml:

<subsystem xmlns="urn:jboss:domain:naming:1.4">
    <bindings>
        <simple name="java:global/zanata/files/document-storage-directory" value="/var/lib/zanata/documents"/>
        <simple name="java:global/zanata/security/auth-policy-names-INACTIVATED/internal" value="zanata.internal"/>
        <simple name="java:global/zanata/security/auth-policy-names/openid" value="zanata.openid"/> 
        <simple name="java:global/zanata/security/auth-policy-names-INACTIVATED/jaas" value="zanata.jbosssso"/>
        <simple name="java:global/zanata/security/admin-users" value="admin"/>
        <simple name="java:global/zanata/email/default-from-address" value="no-reply@zanata.org"/>
    </bindings>
    <remote-naming/>
</subsystem>

...

<security-domain name="zanata.openid">
    <authentication>
       <login-module code="org.zanata.security.OpenIdLoginModule" flag="required">
           <module-option name="providerURL" value="http://id.fedoraproject.org/"/>
        </login-module>
    </authentication>
</security-domain>
<security-domain name="zanata.internal">
    <authentication>
        <login-module code="org.jboss.seam.security.jaas.SeamLoginModule" flag="required"/>
    </authentication>
</security-domain>

Comment 4 Carlos Munoz 2014-07-31 02:32:57 UTC
Fix missing label. 
Please retest.

Comment 5 Ding-Yi Chen 2014-07-31 04:38:53 UTC
Tested with Zanata 3.4.3-SNAPSHOT (git-jenkins-zanata-server-github-pull-requests-1807),

The button text is correct now.

However, I forget to mention that after filling FAS credentials:
it does not auto redirect back to Zanata dashboard, you need to manually
type the Zanata URL to make it go to the dashboard.

Comment 7 Carlos Munoz 2014-07-31 05:40:30 UTC
There was a missing redirection case for when open id was successfully authenticating a user.
See the see also bugs for related bugs that may be closed with this fix.

Please retest.

Comment 8 Ding-Yi Chen 2014-07-31 06:29:20 UTC
VERIFIED with Zanata 3.4.3-SNAPSHOT (git-jenkins-zanata-server-github-pull-requests-1814)


Note You need to log in before you can comment on or make changes to this bug.