On Fri, Mar 12, 2021 at 01:48:48PM +0100, Raphael Hertzog wrote: > On Thu, 11 Mar 2021, Antoine Beaupre wrote: > > According to the sso.debian.org wiki page, the service is > > "deprecated": > > > > > If you are a service admin please look into using Salsa for this > > > purpose. <https://wiki.debian.org/Salsa/SSO> I'm oh so much looking forward to what we'll do in 5-10 years when salsa will suddenly become deprecated as well :/ > Yeah, but I don't see a reason to disable this until someone has > contributed OIDC authentication with salsa.debian.org. > > I haven't even looked at what it entails. We don't seem to have > pyoidc in Debian (https://github.com/rohe/pyoidc) and I don't see > any other Python implementation. > > I wonder what nm.debian.org uses for this. enrico developed this actually very nice piece of code that allow to associate "identities" to accounts, effectively providing multiple login methods. It's actually incredibly simple, though of course it could do with a few improvements here and there… https://salsa.debian.org/nm-team/nm.debian.org/-/tree/master/signon That's also used by contributors.d.o and debtags.d.n, so we were thinking of splitting the "app" out of them to reduce the duplication. Incidentally, the fact that the salsa admins decided to not force account names with -guest anymore, also means that you can't easily associate salsa accounts to DDs anymore, and AFAIK there is no good way to establish that as of now (the nm API is not publicly advertising the salsa accounts details of DDs ATM (that's part of a private API for salsa only though), and of course the salsa admins don't fancy patching gitlab to expose that detail). So, even if you implemented the above thing, associating everybody's salsa "identities" to their already existing tracker.d.o accounts would prove incredibly difficult. Good luck. > > Apparently, you can still generate client-sides certs with "web > > crypto", whatever that means... But that's kind of out of scope here. > > I managed to renew my certificate by following the instructions > on sso.debian.org at least. chrome also hasn't supported online keygen for years, but I argue it's still trivial to get a certificate. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
Attachment:
signature.asc
Description: PGP signature