I just finished implementing a new auth type for gerrit to let you use Atlassian Crowd instead of LDAP. I would appreciate any feedback and I am sure Shawn would appreciate someone else looking at this and trying it before he +2's the commit :)
The current change can be found: https://review.source.android.com/24928
Thanks,
Eric
would it be better, instead of keep on adding others 'switch/case' in AuthType.java ... to introduce the concept of "pluggable auth" and auth provider plug-in ?
This would allow a simpler extensibility to other ALMs, such as CollabNet, Rally, MSVTS etc.
@Shawn: what do you think ?
Luca.
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
$0.02
-EA
£0.02
Luca
I'd favor better factoring so that we can keep Gerrit install/setup as painless as possible.
-EA
much more an extensibility point, something like:
- AuthType => External
- External plug-in => Jar file
... and Jar file gets loaded dynamically and stored in the GERRIT_SITE/bin.
External plug-in will provide its initialisation steps as well:
- auth url
- protocol
- any other relevant info
Another one that will be very popular would be MQC (probably we could do it very soon), Assembla or others.
What do you think ?
Luca.
I would continue to support:
[auth]
type = CROWD
crowdUser = BLAH
crowdPassword = BLAH
crowdUrl = BLAH
I would think an easy way to do this would be to put files in the META-INF like so:
/META-INF/gerritplugin/auth/CROWD.conf
type = usernamepassword
module = com.path.to.my.module
This would also let the LDAP and friends be implemented as plugins but also bundled with what Gerrit ships. It would also allow us to bundle various auth plugins if we decide thats desirable.
Thoughts?
@Shawn: what do you think ? I guess this would be a step forward to integrate Gerrit with other enterprise ALMs :-)
Luca.
Hi all,
On Saturday, July 30, 2011 12:24:17 AM UTC+2, lucamilanesio wrote:Sounds good to me.@Shawn: what do you think ? I guess this would be a step forward to integrate Gerrit with other enterprise ALMs :-)
Luca.
I couldn't find any references to CROWD in the current source tree (master). Just as not to miss anything: was there any movement on this issue from this point on? To me this still seems like an interesting feature to have, so I would like to look a bit into it.Thanks,
Mario
Hi all,
On Saturday, July 30, 2011 12:24:17 AM UTC+2, lucamilanesio wrote:
Sounds good to me.@Shawn: what do you think ? I guess this would be a step forward to integrate Gerrit with other enterprise ALMs :-)
Luca.
I couldn't find any references to CROWD in the current source tree (master). Just as not to miss anything: was there any movement on this issue from this point on? To me this still seems like an interesting feature to have, so I would like to look a bit into it.Thanks,
Mario
Hi Mario,Gerrit allows to trust HTTP authentication and use an header to get the current user.Regarding the groups support, the master includes the ability to integrate 3rd party Group providers: Crowd can be now easily integrated with this.On the Jira integration, I am working on a hooks-jira plug-ins and commit-validation plug-in.Those three points should cover then:a) SSOb) Groups managementc) Issue tracker association and commit validation
Would you need more for integrating with Atlassian ? :-)
Would you need more for integrating with Atlassian ? :-)So, I don't know yet - I'll look a bit more into the Plug-In API - would you guys be interested in more integration with Atlassian as well?
--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Hi Team,
This is regarding apache2, Crowd authentication with Directory based LDAP issue with Git/Gerrit.
My Environment details:
Operating system: Ubuntu 12.4 LTS – 64 bit.
Apache2 Version
Server version: Apache/2.2.22 (Ubuntu)
Server built: Mar 5 2015 18:10:14
Crowd Version - Atlassian Crowd Version: 2.8.2
Problem description:-
I have configured Crowd authentication with Delegated directory type Microsoft Active Directory with our LDAP settings and provided necessary permissions to crowd-openid-server settings and to our git/gerrit server.
Currently my (gerrit.config) file has below settings to access our git/gerrit portal.
[auth]
type = OPENID_SSO
openIdSsoUrl = http://100.101.102.103:8095/openidserver/
logoutUrl = http:// 100.101.102.103:8095/gerrit_logout.html
But when tried access my gerrit portal, front end shows sign in button once I clicked that the authentication not forwarding to crowd page to enter my login-id and password. It remains on local host itself(means remains in gerrit portal itself).
Note: we have two servers: one for Git/Gerrit & another one for Crowd.
So kindly advise me to fix the same.
Thanks,
Mohan
On 28 May 2015, at 11:54, Mohan .S <moha...@gmail.com> wrote:Hi Team,
This is regarding apache2, Crowd authentication with Directory based LDAP issue with Git/Gerrit.
My Environment details:Operating system: Ubuntu 12.4 LTS – 64 bit.Apache2 VersionServer version: Apache/2.2.22 (Ubuntu)
Server built: Mar 5 2015 18:10:14Crowd Version - Atlassian Crowd Version: 2.8.2
Problem description:-
I have configured Crowd authentication with Delegated directory type Microsoft Active Directory with our LDAP settings and provided necessary permissions to crowd-openid-server settings and to our git/gerrit server.
Currently my (gerrit.config) file has below settings to access our git/gerrit portal.
[auth]type = OPENID_SSOopenIdSsoUrl = http://100.101.102.103:8095/openidserver/logoutUrl = http:// 100.101.102.103:8095/gerrit_logout.html
But when tried access my gerrit portal, front end shows sign in button once I clicked that the authentication not forwarding to crowd page to enter my login-id and password. It remains on local host itself(means remains in gerrit portal itself).
Hi Team, Gerrit Log shows following msg, [2015-05-29 12:29:41,679] INFO org.eclipse.jetty.server.ServerConnector : Started ServerConnector@53e74514{HTTP/1.1}{0.0.0.0:8080} [2015-05-29 12:29:41,680] INFO org.eclipse.jetty.server.Server : Started @8987ms [2015-05-29 12:29:41,682] INFO com.google.gerrit.pgm.Daemon : Gerrit Code Review 2.10.2 ready [2015-05-29 12:30:01,605] ERROR com.google.gerrit.httpd.auth.openid.OpenIdServiceImpl : Cannot discover OpenID http://100.101.102.103:8095/openidserver/op org.openid4java.discovery.yadis.YadisException: 0x706: GET failed on http://100.101.102.103:8095/openidserver/op : 404 at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:411) at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:252) at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:232) at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:166) at org.openid4java.discovery.Discovery.discover(Discovery.java:147) at org.openid4java.discovery.Discovery.discover(Discovery.java:129) at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:538) at com.google.gerrit.httpd.auth.openid.OpenIdServiceImpl.init(OpenIdServiceImpl.java:525) at com.google.gerrit.httpd.auth.openid.OpenIdServiceImpl.discover(OpenIdServiceImpl.java:152) at com.google.gerrit.httpd.auth.openid.LoginForm.discover(LoginForm.java:165) at com.google.gerrit.httpd.auth.openid.LoginForm.doGet(LoginForm.java:114) at javax.servlet.http.HttpServlet.service(HttpServlet.java:618) at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:279) at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:269) at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:180) at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:70) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) at com.google.gerrit.httpd.RunAsFilter.doFilter(RunAsFilter.java:113) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) at com.google.gerrit.httpd.AllRequestFilter$FilterProxy$1.doFilter(AllRequestFilter.java:64) at com.google.gerrit.httpd.AllRequestFilter$FilterProxy.doFilter(AllRequestFilter.java:57) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) at com.google.gerrit.httpd.RequestContextFilter.doFilter(RequestContextFilter.java:75) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:119) at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133) at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130) at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1636) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:564) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:219) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:498) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:98) at org.eclipse.jetty.server.Server.handle(Server.java:461) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:284) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:244) at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:534) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536) at java.lang.Thread.run(Thread.java:745) Thanks, Mohan
This looks like the root cause:
GET failed on http://100.101.102.103:8095/openidserver/op : 404
--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Once i click the "Signin" button it shows below error. Provider is not supported, or was incorrectly entered.
It need to work like below. gerrit--> crowd-openid-server--> LDAP--> ActiveDirectory
-Mohan
Hi Al
my keyclock url - https://192.168.2.1:8443 my gerrit apps - http://192.168.1.1:7070 so i used valid urls in keycloack client as - http://192.168.1.1:7070
my gerrit.config
[plugin "gerrit-oauth-provider-keycloak-oauth"]
root-url = https://192.168.2.1:8443
realm = master
client-id = gerrit
But i am getting error as in UI when gerrit redirect to keycloack We're sorry Invalid parameter: redirect_uri Could you please help me how to resolve it ...
Regards
Ganeshbabu N
Hi Al
my keyclock url - https://192.168.2.1:8443 my gerrit apps - http://192.168.1.1:7070 so i used valid urls in keycloack client as - http://192.168.1.1:7070
my gerrit.config
[plugin "gerrit-oauth-provider-keycloak-oauth"] root-url = https://192.168.2.1:8443 realm = master client-id = gerrit
But i am getting error as in UI when gerrit redirect to keycloack We're sorry Invalid parameter: redirect_uri Could you please help me how to resolve it ...