•  
     
    story #8631 delegate authentication to Github and link an existing account
Summary
tuleap user
delegate authentication to Github and link an existing account
Empty

Scenario:

  • When someone goes on login page, there is a "Login with Github" button.
  • When user click it, she is redirected to github to authorization
  • If user grant access, she is redirected to Tuleap server
    • If user never associated her github account to Tuleap account, she's asked to authenticate on Tuleap using login & password. Once the Tuleap authentication succeed the 2 accounts are associated.
    • If Github identifier is already known (previous bullet) user is automatically authenticated & redirected to the page she supposed to see (return to original page)
  • If user doesn't grant access, she is redirected to Tuleap server, Tuleap server display an error and propose standard login.
  • User should see his associations in account prefrences + unlink

In this step, there is not yet:

  • possibility to create an account
  • possibility to use a provider different of Github

Technical notes:

  • Technically speaking, the GH information is stored in DB but "hardcoded" (it means that an admin that want to deploy the plugin at this time will have to insert stuff directly in DB)
  • If LDAP is activated, there is no openid connect
  • One user can pair several providers to one account
Empty
Thomas Gerbet (tgerbet)
Status
Empty
Done
Development
  • [ ] Does it involves User Interface? 
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Empty
Details
#8631
Manuel Vacelet (vaceletm)
2016-02-23 09:42
2015-11-27 11:00
4681

References
Referencing story #8631

Git commit

tuleap/tuleap/stable

story #8631: Delegate authentication to GitHub through OpenID Connect 21006c5218
Merge commit 'refs/changes/78/5078/3' of ssh://gerrit.tuleap.net:29418/tuleap into tuleap-stable-master 972bed998f
story #8631: Clean up the library loading and keep information about which provider is used 019faf357c
Merge commit 'refs/changes/87/5087/9' of ssh://gerrit.tuleap.net:29418/tuleap into tuleap-stable-master 300bff0e2d
story #8631: Add login buttons on the login page df921b7cab
Merge commit 'refs/changes/95/5095/4' of ssh://gerrit.tuleap.net:29418/tuleap into tuleap-stable-master 218445f95e
story #8631: A user can link an existing Tuleap account to an OpenID Provider 553895094c
Merge commit 'refs/changes/93/5093/4' of ssh://gerrit.tuleap.net:29418/tuleap into tuleap-stable-master 1c9365db80
story #8631: Add a warning message when the plugin is not accessed with HTTPS 50d233c528
Merge commit 'refs/changes/06/5106/6' of ssh://gerrit.tuleap.net:29418/tuleap into tuleap-stable-master 3e5664e67c
story #8631: Add the possibility to remove a link between a user account and an OpenID Connect provider 542a53b8ce
Referenced by story #8631

Follow-ups

User avatar
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
User avatar
Thomas Gerbet (tgerbet)2016-02-04 10:26
  • Status changed from Ready (stalled) to On going
  • CC list set to Thomas Gerbet (tgerbet)
User avatar
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes