Closed
Bug 1225569
Opened 9 years ago
Closed 8 years ago
Users are unable to log into taskcluster using mozillians
Categories
(Taskcluster :: Services, defect)
Taskcluster
Services
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: AdamA, Unassigned)
References
Details
Attachments
(1 file)
|
26.10 KB,
image/png
|
Details |
Authentication_portal.png
Users are unable to log into task cluster using a mozillians/persona account. When users choose to sign in with mozillians it will say that the login is verified but users are not actually logged in. Steps: 1) go to https://tools.taskcluster.net/ 2) Click on login in the top right corner 3) Choose to "sign in with mozillians" 4) login 5) attempt to download from taskcluster 6) observe user not logged in
|
Reporter | |
Updated•9 years ago
|
Flags: needinfo?(ktucker)
|
||
Updated•9 years ago
|
Flags: needinfo?(ktucker)
|
||
Comment 1•9 years ago
|
||
Make sure you use the email you've registered with on mozillians and that the email is public otherwise I can't see it.. Note: we'll need to create groups for users to join... Logging into mozillians won't give you any scopes until we configure some... This is all button click config.. If someone is interested in curating a group on mozillians and having scopes issued to the members NI? or ping me..
|
||
Comment 2•9 years ago
|
||
Good day, Jonas. I also encountered this issue. I used my Mozilla LDAP account (whsu@mozilla.com) to sign in taskcluster by using mozillians options. The web page doesn't have any response. It always stays on authentication portal page. (As picture shown) But if I log into taskcluster using SSO, it will redirect to SSO page and I can successfully sign in task cluster. We need to address this problem since our partners need to log in taskcluster to download daily builds. (They cannot sign in via SSO) Any thought?
Flags: needinfo?(jopsen)
|
|
||
Comment 3•9 years ago
|
||
|
|
||
Comment 4•9 years ago
|
||
Hmm... When I search mozillians.org for you email using the API I don't get you:https://mozillians.org/api/v2/users/?email=whsu@mozilla.com But I get myself: https://mozillians.org/api/v2/users/?email=jopsen@gmail.com Check that you email is public on mozillians... Hmm... I'll look into adding an error message we need that anyways.
|
|
||
Comment 5•9 years ago
|
||
I used the API to query both your and my email. It returns message below.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HTTP 403 FORBIDDEN
Content-Type: application/json
Vary: Accept
Allow: GET, HEAD, OPTIONS
{
"detail": "Authentication credentials were not provided."
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I am not sure if it relates to LDAP group.
If my email needs to be joined the specific LDAP group, please feel free to let me know.
By the way, the authentication portal page seems to be a new page that it didn't exist before.
I don't know the major purpose of authentication portal.
But, is there something wrong with system integration?
Because, now, our partners cannot sign in taskcluster by using both "Mozillians" and "SSO".
@ email account:
1. aalldredge@qanalydocs.com
2. fan.luo@mgsei.com|
|
||
Comment 6•9 years ago
|
||
> I used the API to query both your and my email. It returns message below. If using the API in browser you need to be logged into mozillians, so you have the cookie... For mozillians login you must: * make sure you email is public on mozillians.org (check with https://mozillians.org/api/v2/users/?email=<email>, be logged in to mozillians.org) See: https://mozillians.org/en-US/user/edit/emails/ * Set "Sites that can determine my vouched status:" to "All Community Sites" * Set "Allow Mozilla sites to access my profile data?" to "Yes" * Be a vouched mozillian Authenticating with mozillians won't give you any scopes. You get scopes by joining curated groups. For example, jlorenzo, setup b2g-qa-internal: https://mozillians.org/en-US/group/b2g-qa-internal/ And jlorenzo grants access to that group, and members gets the following scope: https://tools.taskcluster.net/auth/roles/#mozillians-group:b2g-qa-internal (hence, can access private/build/* artifacts)
|
|
||
Comment 7•9 years ago
|
||
So after diving further into this (credits to safwan), it seems that mozillians.org has issues where it caches API responses. I filed bug 1227293 to address that in the mean time I'm adding &cheat-cache=<random> to my requests :) To make it work you must: * Set your email to public: https://mozillians.org/en-US/user/edit/emails/ * Set "Sites that can determine my vouched status:" to "All Community Sites" * Be a vouched mozillian --- I also filed bug 1227290 to get a privileged API key for mozillians.org Once I have that making they email public might not be a requirement anymore. --- Please, ni? me if this still doesn't work.
|
|
||
Comment 8•9 years ago
|
||
(In reply to Jonas Finnemann Jensen (:jonasfj) from comment #7) > So after diving further into this (credits to safwan), it seems that > mozillians.org has issues > where it caches API responses. > I filed bug 1227293 to address that in the mean time I'm adding > &cheat-cache=<random> to my requests :) > > To make it work you must: > * Set your email to public: https://mozillians.org/en-US/user/edit/emails/ > * Set "Sites that can determine my vouched status:" to "All Community Sites" > * Be a vouched mozillian > > --- Cool! Thanks for your help, Jonas. It solved our problem. We can successfully log into taskcluster to access builds. I will share the information to the other team members. :)
|
|
||
Comment 9•8 years ago
|
||
reopen, if this wasn't solved for everybody...
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
|
Assignee | |
Updated•5 years ago
|
Component: Authentication → Services
You need to log in
before you can comment on or make changes to this bug.
Description
•