Closed Bug 1130190 Opened 11 years ago Closed 11 years ago

How are mozilla-japan.org accounts authenticated by Persona?

Categories

(Cloud Services :: Server: Identity, defect)

Product:
Cloud Services
Component:
Server: Identity
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: richard, Unassigned)

References

Details

Some changes were made to Persona a while back to ensure that revoked mozilla.com LDAP accounts would no longer authenticate. As a result of that we are able to use Persona to authenticate staff members for access to restricted content on Air Mozilla. Is that also true for mozilla-japan.org accounts? Are there any other domains for which the behavior mimics that of mozilla.com?
Summary: How are mozilla-japan.org accounts authenticated by Persona → How are mozilla-japan.org accounts authenticated by Persona?
According to the repo, mozilla.com and mozillafoundation.org are the supported domains. Based on the contributors graph, I'd say mostlygeek is your person to needinfo with any followup questions. https://github.com/mozilla/vinz-clortho https://github.com/mozilla/vinz-clortho/graphs/contributors
Is it possible to have Persona handle mozilla-japan.org accounts the way mozilla.com and mozillafoundation.org accounts are handled, or are they outside the scope of mozilla's LDAP.
Flags: needinfo?(bwong)
Does mozilla's LDAP handle authentication for user@mozilla-japan.org? If it does, then supporting it shouldn't be too difficult
Flags: needinfo?(bwong)
Jabba, Can you answer Benson's question?
Flags: needinfo?(jdow)
Yeah, they are in LDAP in the o=com OU, alongside the @mozilla.com accounts.
Flags: needinfo?(jdow)
If they're in the LDAP we should be able to update mozilla-idp to search it. :jabba would the search base be(o=org, dc=mozilla-japan)?
Flags: needinfo?(jdow)
o=com,dc=mozilla
Flags: needinfo?(jdow)
Thanks :jabba. :richard it should *just work* when this works: https://mozilla-japan.org/.well-known/browserid That URI should return this json: { "disabled": false, "authority": "login.mozilla.org" } Which is what https://mozilla.com/.well-known/browserid returns. This will delegate Persona log in to the Mozilla-IDP service. Since @mozilla-japan.org domains in o=com,dc=mozilla the ldap search should find it and authenticate as expected.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Depends on: 1161585
You need to log in before you can comment on or make changes to this bug.