On 05/09/2017 04:29 PM, Martin Kosek wrote: > Hello all, > > As some of you noticed, FreeIPA wiki authentication via OpenID was > broken in the last days. I suspect (but did get reply from Patrick who > running the Fedora infra yet) that it was caused by Fedora moving to > mode modern authentication protocol, i.e. from OpenID to OpenID Connect > (OIDC): > https://fedoraproject.org/wiki/Infrastructure/Authentication > > Unfortunately, I cannot make the OIDC login for our current FreeIPA > instance available, given that our wiki runs on OpenShift v2 which uses > PHP 5.3.3 cartridge, which can get us only as far as to Mediawiki 1.26. > OIDC mediawiki authentication plugin is supported from 1.27 forward. > > So the wiki needs to be either: > - migrated to newer PHP cartridge on current Red Hat OpenShift v2 instance > - migrated to OpenShift v3 (preferred) > to unblock us from this situation and get to proper OIDC authentication. > > However, this will need more time and preparation (which I do not even > have right now). For now, I simply disabled OpenID authentication in our > wiki and enabled password logins again! Anonymous account creation is > disabled to avoid spammers. However, given that we now enforce people to > be in a special group (editors) to fight the spammers, there is actually > no big functionality lost in this, except having to use yet another > password. > > To summarize, if you want to access the wiki again, please use the > password you may have had before we migrated to Fedora OpenID. If you do > not have the password yet, you should be able to simply reset it before > logging in and you should get an email (the mail part did not work for > martbab this afternoon, though). In the worst case, I can reset the > password for you, just shoot me an email.
After finally reaching Patrick, I found out that Fedora still supports plain OpenID and it was likely just some interim error. I thus reverted the patch for simple password login and re-enabled OpenID logins again. Still, current situation with FreeIPA.org mediawiki version stays, we will be unable to upgrade the wiki or most of it's plugins until we move to a newer OpenShift instance. Martin -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
