#12161 Need some OIDC credentials for com blog in STG
Opened a month ago by misc. Modified 4 days ago

Describe what you would like us to do:


Per https://discussion.fedoraproject.org/t/the-future-of-fedora-magazine-auth/129060, we (or rather I) want to move various fedora blogs auth to OIDC, as the openid plugin is no longer supported (and SAML is seriously annoying on WP Engine).

I am going to start with the stage instance of the community blog, and I need a client secret for that. The redirection URI should be:

https://fedoracomstg.wpengine.com/wp-admin/admin-ajax.php?action=openid-connect-authorize

When do you need this to be done by? (YYYY/MM/DD)


When you have time, no urgency (I am still reading about oidc connect)


Metadata Update from @phsmoura:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: low-gain, low-trouble, ops

a month ago

We need some information to set up the OIDC for you:

  • Client name
  • Redirect URLs for oidc callback
  • Client URL - Application URL
  • Contacts for the application
  • Token Endpoint Auth method

You can look at examples of these values in our docs.

Metadata Update from @zlopez:
- Issue assigned to zlopez

a month ago

Client name: fedoracomstg-wpengine-com
Redirect URLs: https://fedoracomstg.wpengine.com/wp-admin/admin-ajax.php?action=openid-connect-authorize
Client URL: https://fedoracomstg.wpengine.com/
Contacts: me (or OSPO CommInfra in general)
Token Endpoint Auth method: client_secret_post

(not sure about the last one)

Metadata Update from @zlopez:
- Assignee reset

a month ago

Metadata Update from @jnsamyak:
- Issue assigned to jnsamyak

a month ago

The credentials have been added, we will close this once we verify that it works.

Added where? (as I found no email nor any communication with the credentials)

It was added to the ipsilon system, which is doing the authentication of the app.

The client name is the one provided by you: fedoracomstg-wpengine-com.

Is commblog deployed from our ansible repository? If yes, we can provide you the client secret as a variable. If not, we can provide it another way.

The commblog is not managed by ansible, Fedora Infra didn't want to maintain it (for good reasons), and as RH OSPO is paying a provider (wpengine) for other WP blogs, an instance is set up there (in fact 4, 2 for fedora magazine, 2 for commblog).

So this needs to be managed manually (e.g., I have to cut and paste and test).

@misc In this case, is encrypted chat on Matrix OK for you?

Yep, it is (if that's OK for you). Sorry for the delay, it seems I am not getting pagure notifications, or I get too many tickets :/

If you contacted me on matrix, I got no notification, neither on my personal account nor on the fedora one.

Sorry I forgot, you should have it now.

Let me know if there is something else that needs to be done here?
