844821 – RFE: Open ID Authentication

Bug 844821 - RFE: Open ID Authentication

Summary: RFE: Open ID Authentication

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Zanata
Classification:	Retired
Component:	Authentication-Fedora
Sub Component:
Version:	1.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	2.0
Assignee:	Carlos Munoz
QA Contact:	Ding-Yi Chen
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-07-31 23:39 UTC by Carlos Munoz
Modified:	2012-11-07 06:19 UTC (History)
CC List:	1 user (show)
Fixed In Version:	1.8.0-SNAPSHOT (20120924-1423)
Doc Type:	Enhancement
Doc Text:	Feature: Open Id authentication is enabled for Fedora authentication Zanata instances. Reason: There was a need to allow other Open Id authentication options aside from Fedora. Result (if any): Users can now create a Zanata account using any Open Id. They can also link multiple open Ids to a single account.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-11-07 06:19:07 UTC
Embargoed:

Attachments	(Terms of Use)

Description Carlos Munoz 2012-07-31 23:39:02 UTC

Allow login to Zanata using any open Id. Restrict projects for translation based on the type of open Id a user has.

Comment 1 Carlos Munoz 2012-09-05 23:15:37 UTC

Code changes:

https://github.com/zanata/zanata/commit/302a8e00c4a8022e9de72340ee3d30c27dd0368d
https://github.com/zanata/zanata/commit/0bba4e1a141d26b4b18b14e9ffc1ca557b288942
https://github.com/zanata/zanata/commit/6ac6251ddf48a75b2ee6e5480bf806700fb66424
https://github.com/zanata/zanata/commit/e06293d8e54dddf9c44e34a0096e122dea658cba
https://github.com/zanata/zanata/commit/1cd7645a6187bf54949aed240418abb01ac8d3b0
https://github.com/zanata/zanata/commit/92df92d7b583f3a73db89b52509a608c083b3e2a
https://github.com/zanata/zanata/commit/267b80be7e3a4113a28dbe3c67143882ad742a83
https://github.com/zanata/zanata/commit/d0cd8e8514ea471bb91deab34b9b0c30541c916c
https://github.com/zanata/zanata/commit/00e077a2625b9e214e7c2a971c4b63718789cbd9
https://github.com/zanata/zanata/commit/7e094e7eb26267be2cdade8e9ecdadb9d7da7bad
https://github.com/zanata/zanata/commit/a34c1fbebc8e951a357e1c457863e8a3279f2524
https://github.com/zanata/zanata/commit/8272b6248bc791800a23591494fc6242a802d6d6
https://github.com/zanata/zanata/commit/4ec218faea9962757ec911a6cdb0c6037f0236f1
https://github.com/zanata/zanata/commit/1be597579af051ff49122e5f3a249abad3494bd4
https://github.com/zanata/zanata/commit/7bebd7248c407a7c8539df4f8b285c1108940648
https://github.com/zanata/zanata/commit/5e81838790944295325c395d3c569eff301e28f1
https://github.com/zanata/zanata/commit/2dfcbde825236533febb53f2ff5823b23ad3509f
https://github.com/zanata/zanata/commit/085fa40f43faa36979269195237584a5de5ffd95

Comment 2 Carlos Munoz 2012-09-06 00:56:11 UTC

Testing notes:

Users can now log in with any Open Id that they have. A few common options are offered when logging in, but the "OpenId" option should work for any open Id.

Once logged in, users can link all their other open Ids to their account via the profile section.

Also, if a user has created two accounts but wishes to merge them, the Profile section offers a way to do this. All permissions, language teams, Identities, etc. will be moved to their current account and the old account will be deactivated.

For open Id Zanata instances, the server will create special user roles for the users of the different open Id providers. A project can now be restricted to a set of Roles. Only users belonging to the approved roles will be able to translate this project.

Comment 3 Carlos Munoz 2012-09-10 01:12:47 UTC

Enabled internal authentication along with open id. In the future, we will be able to merge other authentication mechanisms more easily.

See:
https://github.com/zanata/zanata/0e91fa45b7d77795e9aa3869f430feb7087b9b18
https://github.com/zanata/zanata/35281090b19576893a2f0ec7c287e5421f3807af

Comment 4 Carlos Munoz 2012-09-17 22:55:26 UTC

- Open Id authentication can now be enabled with Internal authentication simultaneously (These are the only two authentication systems that may be enabled in this fashion). If this is setup, users can register both with open Id and with Zanata credentials. After registering, users can enable internal authentication by setting a password, and/or add more open Id credentials.

- Under the admin menu there is now an option for "Role Assignment Rules". These rules determine the dynamic assignment of roles when a user signs in. All rules will be evaluated when a user logs in with a certain set of credentials (whether it's internal auth credentials, kerberos, openid, etc.). The rules will evaluate the policy (authentication type), the user name used (against a regular expression) and will assign a user role accordingly.

See Also:

https://github.com/zanata/zanata/commit/dada883791096619186cf94a2b92848f7218645a
https://github.com/zanata/zanata/commit/170bf20a2c62469f115eb2a5052004a22fe83067
https://github.com/zanata/zanata/commit/d5390d6df0a3184c1b8948fb8b4196d1840e452e
https://github.com/zanata/zanata/commit/a7dfe716d1d9e92322956460c95d4349a3853ba5

Comment 5 Ding-Yi Chen 2012-09-20 04:45:05 UTC

Tested with Zanata version 1.8.0-SNAPSHOT (20120920-0016)

It works when the identities were added from "Manage Identities".

However, it does not work as new user registration.

Reassigned.

Comment 6 Carlos Munoz 2012-09-20 23:20:12 UTC

First Open Id login was not properly redirecting to the "Create Account" section. Changed the conditions for this navigation to happen.

See:
https://github.com/zanata/zanata/commit/06bb383d7400b51c416b9b88980ba831b36b46ae

Comment 7 Ding-Yi Chen 2012-09-24 05:33:59 UTC

VERIFIED with Zanata version 1.8.0-SNAPSHOT (20120924-1423)

Comment 8 Sean Flanigan 2012-11-07 06:19:07 UTC

Fix released in Zanata 2.0.

Note You need to log in before you can comment on or make changes to this bug.