Closed Bug 1273027 Opened 8 years ago Closed 8 years ago

Replace Persona with an alternative login solution on air.mozilla.org

Categories

(Webtools Graveyard :: Air Mozilla, defect)

Product:
Webtools Graveyard
Component:
Air Mozilla
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Future

People

(Reporter: rfkelly, Unassigned)

References

Details

Persona will be decommissioned by the end of 2016, and I'm trying to ensure that all the work we need to do between now and then is captured under the following meta-bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1197381 I couldn't find an existing bug for migrating air.mozilla.org away from Persona, so I'm creating one. If there is an existing bug, please link it under the above meta-bug and close this one out.
Also, I just realized, I should have linked to this page with more information on migrating away from Persona, which we'll continue to maintain and update over the year as various Mozilla properties make the move: https://mana.mozilla.org/wiki/display/Identity/Persona+migration+guide+for+internal+sites
Component: Other → Air Mozilla
Product: Air Mozilla → Webtools
Target Milestone: --- → Future
Version: unspecified → other
:peterbe, Hi, I'm part of the Mozilla Enterprise Information Security team (previously called Opsec) and the previous devops engineer for Persona. In advance of the shutdown of Persona on November 30th[1], I was hoping to both find out what was planned, in regards to authentication, as well as offer up assistance and alternatives if needed. Firstly, I'm hoping to communicate with either the developer/development team capable of modifying the authentication code for the site or the manager responsible for the site. If I've made this request to the wrong person, please let me know, and feel free to ignore the questions below. If you happen to know who the right person is and can share that with me even better. If you'd prefer to just have a short discussion over Vidyo instead of writing a response, that's totally fine, either say so and I'll set it up or send a calendar invite to me to chat. * Has an alternative authentication solution been selected for the site, if so what is the new planned auth solution? * Is there a timetable and resources to complete the development of the change before November 30th? * Would you like any help in coming up with an alternate auth solution? We have reference architectures for a handful of frameworks. If so, either schedule a Vidyo call with me or I will schedule one with you. * How would you characterize your site's userbase? Do users that login currently consist only of people with Mozilla LDAP accounts? Do Mozilla contributors/community also currently log into the site? Does the general public log into the site? * Since your currently using Persona for auth I'm assuming that your site doesn't have access to metadata about users stored in LDAP (e.g. first and last name) or access to LDAP group information of users (e.g. what Mozilla team they're in). Would your site benefit from this type of information if it were available in the new auth solution? * Does your site accept other login methods beyond Persona currently (e.g. github, mozillians, google+) and if so which ones? * Do you currently take advantage of the branding capabilities[2] of Persona which allow you to put your site's logo or site name in the Persona login popup? Do you have requirements for your replacement auth solution related to branding? A specific example around branding is the fact that the Firefox Accounts auth solution has "Firefox" branding associated with the login process which may or may not be acceptable to you for your site. [1]: https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers [2]: http://identity.mozilla.com/post/27122712140/new-feature-adding-your-websites-name-and-logo
Flags: needinfo?(peterbe)
(In reply to Gene Wood [:gene] from comment #2) > :peterbe, > > Hi, I'm part of the Mozilla Enterprise Information Security team (previously > called Opsec) and the previous devops engineer for Persona. In advance of > the shutdown of Persona on November 30th[1], I was hoping to both find out > what was planned, in regards to authentication, as well as offer up > assistance and alternatives if needed. > > Firstly, I'm hoping to communicate with either the developer/development > team capable of modifying the authentication code for the site or the > manager responsible for the site. If I've made this request to the wrong > person, please let me know, and feel free to ignore the questions below. If > you happen to know who the right person is and can share that with me even > better. > > If you'd prefer to just have a short discussion over Vidyo instead of > writing a response, that's totally fine, either say so and I'll set it up or > send a calendar invite to me to chat. > Would love to. Vidyo is more efficient than Bugzilla. Please book me in. > * Has an alternative authentication solution been selected for the site, if > so what is the new planned auth solution? No alternative planned. > * Is there a timetable and resources to complete the development of the > change before November 30th? We will need to start using localStorage or something to help people remember which email they USED to use when they're asked to use another system. > * Would you like any help in coming up with an alternate auth solution? We > have reference architectures for a handful of frameworks. If so, either > schedule a Vidyo call with me or I will schedule one with you. Yes please. > * How would you characterize your site's userbase? Do users that login > currently consist only of people with Mozilla LDAP accounts? Do Mozilla > contributors/community also currently log into the site? Does the general > public log into the site? We have about 50% LDAP staff and 50% personal emails associated with a Mozillians account. > * Since your currently using Persona for auth I'm assuming that your site > doesn't have access to metadata about users stored in LDAP (e.g. first and > last name) or access to LDAP group information of users (e.g. what Mozilla > team they're in). Would your site benefit from this type of information if > it were available in the new auth solution? We do not need user identity/metadata. Just that they can prove their email address. > * Does your site accept other login methods beyond Persona currently (e.g. > github, mozillians, google+) and if so which ones? No. And I don't think mozillians as an auth service. e.g. OAuth. > * Do you currently take advantage of the branding capabilities[2] of Persona > which allow you to put your site's logo or site name in the Persona login > popup? Do you have requirements for your replacement auth solution related > to branding? A specific example around branding is the fact that the Firefox > Accounts auth solution has "Firefox" branding associated with the login > process which may or may not be acceptable to you for your site. > We don't use a logo. Just the project name. We don't think the Firefox branding (a la Firefox Accounts) is a problem. > > [1]: > https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers > [2]: > http://identity.mozilla.com/post/27122712140/new-feature-adding-your- > websites-name-and-logo
Flags: needinfo?(peterbe)
:peterbe, can you please provide an update on the status of migrating AirMo away from Persona?
Flags: needinfo?(peterbe)
The update is that we're going to switch to Auth0.com I have most of the code (untested) in a branch ready to go. One major crux is that we really don't want NON-Mozilla-staff and NON-Google Accounts and NON-GitHub accounts people to have to create yet another password account, but I think we have to.
Flags: needinfo?(peterbe)
(In reply to Peter Bengtsson [:peterbe] from comment #5) > One major crux is that we really don't want NON-Mozilla-staff and NON-Google > Accounts and NON-GitHub accounts people to have to create yet another > password account, but I think we have to. not sure if this helps or not, but you can use BMO as an authentication provider (mozreview does this, but it isn't alone there). http://bmo.readthedocs.io/en/latest/integrating/auth-delegation.html by throwing bugzilla in the mix you may get the existing account coverage you desire.
Depends on: 1313713
Depends on: 1314366
Depends on: 1314765
Depends on: 1315338
Depends on: 1315719
Depends on: 1315730
Persona added a lot of heavily un-cacheable assets to every page load. Very soon we're going to replace Persona entirely. So here's prod as of Friday Nov 11 with still a lot of Persona assets loaded (AJAX and static stuff) https://www.webpagetest.org/result/161111_PK_YHF/ Note-to-self: Run Dulles VA, Firefox, DSL 1.5Mps, 3 runs on prod after we've removed all of Persona.
IIUC, Air Mozilla has migrated off Persona. Can this be closed?
Flags: needinfo?(peterbe)
Ahh https://www.webpagetest.org/result/161129_3V_T4Y/ Such a smaller graph of dependencies!
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(peterbe)
Resolution: --- → FIXED
Product: Webtools → Webtools Graveyard
You need to log in before you can comment on or make changes to this bug.