<div dir="ltr"><div>Justin,</div><div><br></div><div> Sorry my delay, but I was some problems with gluster in my datacenters, now that's okay. </div><div> About OpenID support in Gerrit: </div><div><br></div><div> We have four native Gerrit options:</div><div> (not to mention any HTTP auth hacks, with some magic in your reverse proxy thing):</div><div><br></div><div> 1) Migrate to LDAP authentication scheme</div><div> ** Advantage: no messing around with OpenID (and friends) any more</div><div> ** Disadvantage: migration overhead</div><div><br></div><div> 2) Switch to other OpenID provider</div><div> Force your users to link to other OpenID identity. The instructions how to link mulple</div><div> OpenID identities to the same Gerrit account are provided here [1]. Also note, that</div><div> after the needed changes were cherry-picked, 2.10.1 is going to be available in near</div><div> future that dropped deprecated OpenID provider from the login form and replaced it</div><div> with Fedora,Launchpad/UbuntuOne.</div><div><br></div><div> ** Advantage: no intervention from admin side is needed</div><div> ** Disadvantage: all users have to move to other OpenID provider(s)</div><div><br></div><div> 3) Use Gerrit GitHub plugin</div><div> ** Advantage: Supported upstream</div><div> ** Disadvantage: all users have to sign in to GitHub. New created GitHub account</div><div> must be manually linked to the existing Gerrit account.</div><div><br></div><div> 4) Use experimental OAuth authentication scheme [2] with Google OAuth plugin [3].</div><div> See the explanation how it works [4] and how to set it up: [5]</div><div><br></div><div> ** Advantage: Users can use their Google accounts</div><div> ** Disadvantage: Gerrit must be patched. Manually linking OAuth Google identity to</div><div> existing Gerrit accounts is needed (linking of multiple identities is not yet implemented)</div><div><br></div><div>[1] <a href="https://gerrit-review.googlesource.com/Documentation/config-sso.html#_multiple_identities">https://gerrit-review.googlesource.com/Documentation/config-sso.html#_multiple_identities</a></div><div>[2] <a href="https://gerrit-review.googlesource.com/65101">https://gerrit-review.googlesource.com/65101</a></div><div>[3] <a href="https://github.com/davido/gerrit-oauth-provider">https://github.com/davido/gerrit-oauth-provider</a></div><div>[4] <a href="https://groups.google.com/d/topic/repo-discuss/K2U6WcWSCaE/discussion">https://groups.google.com/d/topic/repo-discuss/K2U6WcWSCaE/discussion</a></div><div>[5] <a href="https://code.google.com/p/gerrit/issues/detail?id=2677#c40">https://code.google.com/p/gerrit/issues/detail?id=2677#c40</a></div><div><br></div><div> I would like to see the project with Gluster own accounts all on the FreeIPA, thus detach it from us in any other form of authentication, creating value for the project, I imagine in our page one how to register.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Cheers,<br clear="all"><div><div class="gmail_signature"><div dir="ltr"><br>firemanxbr</div></div></div>
<br><div class="gmail_quote">On Mon, Mar 9, 2015 at 11:55 AM, Justin Clift <span dir="ltr"><<a href="mailto:justin@gluster.org" target="_blank">justin@gluster.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Marcelo,<br>
<br>
Any idea if Gerrit supports OpenID Connect?<br>
<br>
Google's current OpenID 2.0 support expires on April 20th,<br>
to be replaced by "OpenID Connect":<br>
<br>
<a href="https://developers.google.com/accounts/docs/OpenID" target="_blank">https://developers.google.com/accounts/docs/OpenID</a><br>
<br>
We'll need a migration plan for our existing Gerrit accounts<br>
(400+ of them), to either get them using OpenID Connect,<br>
or migrate them to something else.<br>
<br>
It's kind of urgent too (next month)... so ugh.<br>
<br>
Regards and best wishes,<br>
<br>
Justin Clift<br>
<br>
--<br>
GlusterFS - <a href="http://www.gluster.org" target="_blank">http://www.gluster.org</a><br>
<br>
An open source, distributed file system scaling to several<br>
petabytes, and handling thousands of clients.<br>
<br>
My personal twitter: <a href="http://twitter.com/realjustinclift" target="_blank">twitter.com/realjustinclift</a><br>
<br>
</blockquote></div><br></div></div>