Closed Bug 1283138 Opened 4 years ago Closed 3 years ago
Deprecate Persona and provide information to client about alternative methods to login to BMO
Continued from https://bugzilla.mozilla.org/show_bug.cgi?id=1223236#c7 :dylan, Hi, I'm part of the Mozilla Enterprise Information Security team (previously called Opsec) and the previous devops engineer for Persona. In advance of the shutdown of Persona on November 30th, I was hoping to both find out what was planned, in regards to authentication, as well as offer up assistance and alternatives if needed. Firstly, I'm hoping to communicate with either the developer/development team capable of modifying the authentication code for the site or the manager responsible for the site. If I've made this request to the wrong person, please let me know, and feel free to ignore the questions below. If you happen to know who the right person is and can share that with me even better. If you'd prefer to just have a short discussion over Vidyo instead of writing a response, that's totally fine, either say so and I'll set it up or send a calendar invite to me to chat. * It sounds like in Bug 1223236 the plan is to simply remove Persona as a login option. Is this the case? How will existing Persona users login after the option is removed? * Is there a timetable and resources to complete the development of the change before November 30th? * Since your currently using Persona for auth I'm assuming that bugzilla doesn't have access to metadata about users stored in LDAP (e.g. first and last name) or access to LDAP group information of users (e.g. what Mozilla team they're in). Would bugzilla benefit from this type of information if it were available in the new auth solution? : https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers : http://identity.mozilla.com/post/27122712140/new-feature-adding-your-websites-name-and-logo
I was just thinking about this. First thing -- if Persona were to go away at this instant it would only have a minor effect on BMO users. Bugzilla does not have different types of accounts, only different types of authenticators. Any Persona-using account can perform a "forgot password" request and have a password. Users with passwords can use persona still. Meanwhile, we also support GitHub for authentication. Were I not a "no-external-auth" user, I could login with either my password, Persona, or GitHub (currently). I think the best migration strategy would be to replace the login with Persona button with a link to a page that explains options the user now has for logging in: a) create or reset password b) login with GitHub. We were also thinking of adding support for Firefox Accounts, but those are actually less useful than GitHub because they only allow one email address. As for the LDAP / groups stuff, that is something we should discuss in another bug. I know the idea using okta for employees has been floated...
Assignee: nobody → dkl
Status: NEW → ASSIGNED
Priority: -- → P1
Summary: Replace Persona with an alternative login solution on bugzilla.mozilla.org → Deprecate Persona and provide information to client about alternative methods to login to BMO
Comment on attachment 8773943 [details] [diff] [review] 1283138_1.patch Review of attachment 8773943 [details] [diff] [review]: ----------------------------------------------------------------- r=dylan Apparently bz dev manager wasn't applying my params_bmo because is_bmo() broke after the migration to github. ugh.
Attachment #8773943 - Flags: review?(dylan) → review+
IIUC this is all done and dusted and Persona is no longer an option on BMO. Closing this bug out, thanks all!
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.