#9090 Please make changes to Ipsilon config
Closed: Fixed a month ago by kevin. Opened a month ago by astepano.

Hello.

I created a ticket: https://pagure.io/fedora-infrastructure/issue/8991
It works perfectly.
However, I wasn't enough clever.
We have two clusters: AWS + Centos
We want to make more easier/transparent for users and for us.
May I ask you to change Ipsilon config please?

  1. Rename client osci-jenkins to osci-jenkins-1
  2. Rename client osci-jenkins-stage to osci-jenkins-1-stage at stage
  3. Add client with name: osci-jenkins-2 to prod
  4. Add client with name: osci-jenkins-2-stage to stage

If possible set keys (if not please email me new keys):

Key osci-jenkins-2 == osci-jenkins-1
Key osci-jenkins-2-stage == osci-jenkins-1-stage

Thank you! Sorry for this.


Metadata Update from @smooge:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: groomed, high-trouble, medium-gain

a month ago

If someone could please take a look. Thank you. It would be allow any FAS user to login.

I can do this, but do they really have the exact same variables?

ie, redirect_uri's are the same? client-url is the same? client-id ? client_name?

Hi!

Let's keep current secrets:

osci-jenkins-1 == osci-jenkins-2 (== old osci-jenkins)
osci-jenkins-1-stage == osci-jenkins-2-stage (== old osci-jenkins-stage)

I see the 4 entries:

osci-jenkins-1 client_name="osci-jenkins-1"
osci-jenkins-1 redirect_uris=["https://osci-jenkins-1.ci.fedoraproject.org/securityRealm/finishLogin"]
osci-jenkins-1 client_uri="https://osci-jenkins-1.ci.fedoraproject.org/"
osci-jenkins-2 client_name="osci-jenkins-2"
osci-jenkins-2 redirect_uris=["https://osci-jenkins-2.ci.fedoraproject.org/securityRealm/finishLogin"]
osci-jenkins-2 client_uri="https://osci-jenkins-2.ci.fedoraproject.org/"
osci-jenkins-1-stage client_name="osci-jenkins-1-stage"
osci-jenkins-1-stage redirect_uris=["https://osci-jenkins-1-stage.ci.fedoraproject.org/securityRealm/finishLogin"]
osci-jenkins-1-stage client_uri="https://osci-jenkins-1-stage.ci.fedoraproject.org/"
osci-jenkins-2-stage client_name="osci-jenkins-2-staeg"
osci-jenkins-2-stage redirect_uris=["https://osci-jenkins-2-stage.ci.fedoraproject.org/securityRealm/finishLogin"]
osci-jenkins-2-stage client_uri="https://osci-jenkins-2-stage.ci.fedoraproject.org/"

Thank you for your time.

ok, changed and deployed.

Let me know if you run into any issues with it.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a month ago

@kevin, hello,
Sorry, it doesn't work.
Previous config worked, thus we know it is possible.
I tried it at 2 instances.
Both reply the same: Error from provider: unauthorized_client. Details: Unknown client ID.
Maybe if you do not mind, we can sync on IRC?
Please ping me on IRC any time you have time.

Huh, ok.

Well, this is a holiday weekend in the US, so unless it's really urgent I would prefer next week.

Can you drop a time on my calendar that works for you and we can meet in #fedora-admin with any other interested folks and debug this?

Login to comment on this ticket.

Metadata