Page MenuHomePhabricator
Create Task
Maniphest T311999

Enable OIDC in CAS
Closed, ResolvedPublic
Actions

Description

Enable OIDC in the CAS build, puppetise OIDC-related options and initially enabled in idp-test to allow tests for Juniper Service Asset APIs

Details

SubjectRepoBranchLines +/-
idp: add idm-test servicesoperations/puppetproduction+4 -0
idp: add oidc_issuers_pattern via the profileoperations/puppetproduction+6 -0
Enable OIDC in Gradle buildoperations/software/cas-overlay-templatemaster+1 -0
apreo_cas: Bypass the approval promptoperations/puppetproduction+1 -0
aereo_cas: add addtional OIDC parameteresoperations/puppetproduction+14 -9
apereo_cas: Add OIDC service to cloud instanceoperations/puppetproduction+12 -4
apereo_cas::services: drop mfa-u2f supportoperations/puppetproduction+47 -57
apereo_cas: add OidcRegisteredService service supportoperations/puppetproduction+11 -2
idp::standalon: Add OIDC configoperations/puppetproduction+28 -10
apero_cas: (WIP) add addtional paramas for OIDCoperations/puppetproduction+8 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

MoritzMuehlenhoff renamed this task from Enable OIDC to Enable OIDC in CAS.Jul 4 2022, 11:06 AM
MoritzMuehlenhoff triaged this task as Medium priority.
MoritzMuehlenhoff created this task.
gerritbot added a comment.Jul 4 2022, 11:08 AM

Change 810867 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/software/cas-overlay-template@master] Enable OIDC in Gradle build

https://gerrit.wikimedia.org/r/810867

gerritbot added a project: Patch-For-Review.Jul 4 2022, 11:08 AM
ayounsi added a parent task: Restricted Task.Aug 4 2022, 11:01 AM
gerritbot added a comment.Nov 17 2022, 4:47 PM

Change 858362 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] apero_cas: (WIP) add addtional paramas for OIDC

https://gerrit.wikimedia.org/r/858362

gerritbot added a comment.Nov 30 2022, 11:48 AM

Change 858362 merged by Jbond:

[operations/puppet@production] apero_cas: (WIP) add addtional paramas for OIDC

https://gerrit.wikimedia.org/r/858362

gerritbot added a comment.Dec 1 2022, 2:49 PM

Change 862942 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] idp::standalon: Add OIDC config

https://gerrit.wikimedia.org/r/862942

gerritbot added a comment.Dec 1 2022, 3:02 PM

Change 862942 merged by Jbond:

[operations/puppet@production] idp::standalon: Add OIDC config

https://gerrit.wikimedia.org/r/862942

gerritbot added a comment.Dec 2 2022, 1:15 PM

Change 863006 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] apereo_cas: add OidcRegisteredService service support

https://gerrit.wikimedia.org/r/863006

gerritbot added a comment.Dec 2 2022, 1:15 PM

Change 863292 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] apereo_cas::services: drop mfa-u2f support

https://gerrit.wikimedia.org/r/863292

gerritbot added a comment.Dec 20 2022, 12:21 PM

Change 863292 merged by Jbond:

[operations/puppet@production] apereo_cas::services: drop mfa-u2f support

https://gerrit.wikimedia.org/r/863292

gerritbot added a comment.Dec 20 2022, 12:21 PM

Change 863006 merged by Jbond:

[operations/puppet@production] apereo_cas: add OidcRegisteredService service support

https://gerrit.wikimedia.org/r/863006

gerritbot added a comment.Dec 20 2022, 12:38 PM

Change 869750 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] apereo_cas: Add OIDC service to cloud instance

https://gerrit.wikimedia.org/r/869750

gerritbot added a comment.Dec 20 2022, 12:43 PM

Change 869750 merged by Jbond:

[operations/puppet@production] apereo_cas: Add OIDC service to cloud instance

https://gerrit.wikimedia.org/r/869750

gerritbot added a comment.Dec 20 2022, 6:54 PM

Change 869837 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] aereo_cas: add addtional OIDC parameteres

https://gerrit.wikimedia.org/r/869837

gerritbot added a comment.Dec 20 2022, 7:06 PM

Change 869837 merged by Jbond:

[operations/puppet@production] aereo_cas: add addtional OIDC parameteres

https://gerrit.wikimedia.org/r/869837

gerritbot added a comment.Dec 20 2022, 7:17 PM

Change 869840 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] apreo_cas: Bypass the approval prompt

https://gerrit.wikimedia.org/r/869840

gerritbot added a comment.Dec 20 2022, 7:37 PM

Change 869840 merged by Jbond:

[operations/puppet@production] apreo_cas: Bypass the approval prompt

https://gerrit.wikimedia.org/r/869840

gerritbot added a comment.Dec 22 2022, 11:28 AM

Change 810867 abandoned by Muehlenhoff:

[operations/software/cas-overlay-template@master] Enable OIDC in Gradle build

Reason:

Similar patch was merged by John

https://gerrit.wikimedia.org/r/810867

gerritbot added a comment.Jan 13 2023, 1:39 PM

Change 879807 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] idp: add oidc_issuers_pattern via the profile

https://gerrit.wikimedia.org/r/879807

gerritbot added a comment.Jan 13 2023, 1:47 PM

Change 879807 abandoned by Jbond:

[operations/puppet@production] idp: add oidc_issuers_pattern via the profile

Reason:

for now i dont think we need to change this

https://gerrit.wikimedia.org/r/879807

gerritbot added a comment.Jan 13 2023, 1:54 PM

Change 879809 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] idp: add idm-test services

https://gerrit.wikimedia.org/r/879809

gerritbot added a comment.Jan 13 2023, 1:57 PM

Change 879809 merged by Jbond:

[operations/puppet@production] idp: add idm-test services

https://gerrit.wikimedia.org/r/879809

BTullis subscribed.Feb 7 2023, 5:05 PM

Hi @jbond and @MoritzMuehlenhoff - how are things looking with regard to this OIDC support?

We would still like to be able to T305874: Switch DataHub authentication to OIDC using idp because the LDAP support in DataHub isn't great, but currently it's the only thing we have.

Do you know when we might be able to start testing OIDC authentication via CAS? Thanks.

BTullis added a subtask: T305874: Switch DataHub authentication to OIDC.Feb 7 2023, 5:06 PM
jbond added a comment.Feb 7 2023, 5:13 PM

@BTullis OIDC support is now possible and is being tried out by the new IDM. It should be to a state where you can start using it and happy to help out/provide more pointers just keep in mind you will be an early adopter so there may be something to work out on the fly. Check the config for idm_test in production and the private repo

Maintenance_bot removed a project: Patch-For-Review.Feb 7 2023, 5:30 PM
BTullis added a comment.Feb 7 2023, 8:37 PM

@jbond - Many thanks. That's excellent. I think I'd be keen to look at doing that and helping find out the issues. I've asked the Data-Engineering team so I'll get back to you in a couple of days.

jbond added a comment.Feb 8 2023, 10:59 AM

sgmt just ping if/when you need more pointers

jbond closed this task as Resolved.Mar 9 2023, 3:57 PM
jbond claimed this task.
Jelto closed subtask T320390: migrate gitlab away from the CAS protocol as Resolved.Aug 16 2023, 9:51 AM
Stevemunene closed subtask T305874: Switch DataHub authentication to OIDC as Resolved.Sep 22 2023, 11:17 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL