Please place - https://support.mozilla.org/admin behind LDAP basic auth.
Are you sure? I see it redirect to the normal login page page There seems to be a functional redirect bug, I counted four in loading the page with the ultimate url of a loaded page settling at https://support.mozilla.org/en-US/users/auth?next=/admin/login/?next=/admin/ (I url decoded it) I couldn't reach a django login page
Yes, /admin should be behind ldap. Django's Admin and support share the same login page, thus the redirect.
Giorgos, We have an ongoing project to eliminate basic auth / ldap everywhere. There is a new draft standard (it will be approved shortly) explaining how this should be configured: https://mana.mozilla.org/wiki/display/POLICIES/Website+User+Authentication+Standard Is it possible for the Admin interface to not be web accessible to the Internet at all? That is most preferable. Please needinfo: me if you need any help, thank you
Keywords: sec-moderate, wsec-authentication
Summary: Add LDAP Basic Auth to support.mozilla.org/admin → Add Okta SSO and Duo 2FA to support.mozilla.org/admin
Allowing /admin only over VPN is acceptable. Is this something that WebOps would take care? Please note that SUMO is in maintenance mode and it's strongly advised that we touch as little code as possible, so implementing a solution on the server level is preferred.
can you cc me to 1270363 please?
Flags: needinfo?(amuntner) → needinfo?(smani)
(In reply to Adam Muntner [:adamm] (use NEEDINFO) from comment #5) > can you cc me to 1270363 please? Done.
I've enabled this at: https://support.allizom.org/admin I will do support.mozilla.org/admin on Monday. going to wait for :giorgos to come back from PTO and file a cab request today.
All done here!
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.