Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #16607 Allow ldap login when openidconnect client is used
    Actions
    Infos
    #16607
    Manuel Vacelet (vaceletm)
    2020-09-10 13:56
    2020-08-27 13:10
    17913
    Details
    Allow ldap login when openidconnect client is used

    When OpenID Connect (OIDC) is activated, it's no longer possible to authenticate with LDAP credentials (while it's possible to login with local "Tuleap" credentials). It makes almost impossible for platform that are using LDAP to move to OpenID Connect as existing users will be stuck outside.

    LDAP Login should be allowed to ease the transition.

    First and foremost, this is made to allow transition from LDAP to OpenID Connect client. The transition can take time but the goal should be to no longer authenticate users against LDAP:

    • there should not be more than one source of truth to identify users.
    • when tuleap delegate authentication to an OIDC provider, tuleap should no longer manipulate user passwords (even a forward to an LDAP server).

     

    Authentication & LDAP
    11.18
    Empty
    • [x] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Manuel Vacelet (vaceletm)
    Closed
    2020-09-10
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #14819 Tuleap Releases 12.0 Delivered 2020-09-30 09:53 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #16607

    Artifact Tracker v5

    request #16681 OIDC accounts must use SVN tokens

    Git commit

    tuleap/tuleap/stable

    Refactor events for account creation 6e386a4856
    User avatar Manuel Vacelet (vaceletm) , 2020-08-27 13:49
    Allow LDAP login and OIDC Client in parallel e74ba5f6bf
    User avatar Manuel Vacelet (vaceletm) , 2020-08-27 16:54
    Tuleap Core provides a mean to identify the authentication mean 546bfbf654
    User avatar Manuel Vacelet (vaceletm) , 2020-08-28 15:00
    LDAP + OIDC accounts are created like LDAP accounts 290b862058
    User avatar Manuel Vacelet (vaceletm) , 2020-09-02 15:57
    Fix issue reported by the static analysis in Project_SOAPServer e1555ad0e7
    User avatar Thomas Gerbet (tgerbet) , 2020-09-03 17:14
    Refactor BeforeLogin event b80fd3d5e2
    User avatar Manuel Vacelet (vaceletm) , 2020-09-04 14:42
    Refactor AfterLogin event 96b3d1d0da
    User avatar Manuel Vacelet (vaceletm) , 2020-09-04 15:16
    Forbid Local or LDAP login when a user authenticate with OIDC 2e365854e7
    User avatar Manuel Vacelet (vaceletm) , 2020-09-09 10:44
    Allow plugins to inform about login being refused c1a92b20c8
    User avatar Manuel Vacelet (vaceletm) , 2020-09-10 10:25
    Display settings

    Follow-ups

    User avatar
    Manuel Vacelet (vaceletm)2020-09-10 13:56

    Closing this request.

    The remaining work on SVN will be done in art #16681 in Tuleap 12.1

    • Status changed from Under implementation to Closed
    • Connected artifacts
    • Close date set to 2020-09-10
    User avatar
    Manuel Vacelet (vaceletm)2020-09-04 10:46
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes