Per https://discussion.fedoraproject.org/t/the-future-of-fedora-magazine-auth/129060, we (or rather I) want to move various fedora blogs auth to OIDC, as the openid plugin is no longer supported (and SAML is seriously annoying on WP Engine).
I am going to start with the stage instance of the community blog, and I need a client secret for that. Th redirection URI should be:
https://fedoracomstg.wpengine.com/wp-admin/admin-ajax.php?action=openid-connect-authorize
When you have time, no urgency (I am still reading about oidc connect)
Metadata Update from @phsmoura: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-gain, low-trouble, ops
We need some information to setup the OIDC for you:
You can look at example of these values in our docs.
Metadata Update from @zlopez: - Issue assigned to zlopez
Client name: fedoracomstg-wpengine-com Redirect URLs: https://fedoracomstg.wpengine.com/wp-admin/admin-ajax.php?action=openid-connect-authorize Client URL: https://fedoracomstg.wpengine.com/ Contacts: me (or OSPO CommInfra in general) Token Endpoint Auth method: client_secret_post
(not sure about the last one)
Metadata Update from @zlopez: - Assignee reset
Metadata Update from @jnsamyak: - Issue assigned to jnsamyak
The credentials have been added, we will close this once we verify that it works.
Added where ? (as I found no email nor any communication with the credentials)
It was added to ipsilon system, which is doing the authentication of the app.
The client name is the one provided by you fedoracomstg-wpengine-com.
fedoracomstg-wpengine-com
Is commblog deployed from our ansible repository? If yes, we can provide you the client secret as a variable. If not we can provide it by other way.
The commblog is not managed by ansible, Fedora Infra didn't want to maintain it (for good reasons), and as RH OSPO is paying a provider (wpengine) for others WP blogs, a instance is setup there (in fact4, 2 for fedora magazine, 2 for commblog )
So this need to be managed manually (eg, I have to cut and paste and test).
@misc In this case is encrypted chat on Matrix OK for you?
yep, it is (if that's ok for you). Sorry for the delay, seems I am not getting pagure notification, or I get too much ticket :/
If you contacted me on matrix, I got no notifcation neither on my personal account nor on the fedora one.
Sorry I forgot, you should have it now.
Let me know if there is something else that needs to be done here?
Log in to comment on this ticket.