Closed Bug 1873533 Opened 1 year ago Closed 1 year ago

Requesting GitHub membership to the mozilla-fakespot and mozilla-sre-deploy org for stian@mozilla.com

Categories

(mozilla.org :: Github: Administration, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: stian, Unassigned)

Details

I've read https://wiki.mozilla.org/GitHub#Team_Maintainers_.26_Project_Leads, and need help adding a contributor to the org:

Name: Sen Tian
Mozilla Email: stian@mozilla.com
Github Profile link: Staff MUST have their verified GitHub identity listed in their people.m.o entry
Github Team(s) REQUIRED: mozilla-fakespot, mozilla-sre-deploy
NOTE: This is NOT the Org Name, but instead any teams inside the request org.

If this is not being requested by a team maintainer, please request their approval via need-info.

So, you were granted access to the mozilla-fakespot org in bug 1846362 - and I see that you are listed as a current member of the org.

As to the mozilla-sre-deploy org - that one you do not have access to yet - is there a team you'd like to access in there? Looking at other people who were mentioned in that earlier fakespot bug, I think fakespot-devs may be a valid team - but would like confirmation so we can ask the appropriate parties.

Flags: needinfo?(stian)

Hi Chris,

Yes, I had access to mozilla-fakespot. But since today, Github throws me an error saying "Unable to authenticate your SAML session (invalid SAML message). Please try again or contact your organization administrator. "

Andrew advised me to submit a bug.

For mozilla-sre-deploy org, I'm requesting for access, and fakespot-devs is exactly the team. Thank you.

Flags: needinfo?(stian)

OK, from the earlier email chain - you stated that sso.mozilla.com/info showed you as having ghe_mozilla-fakespot_users in the list (the mozillians part is taken for granted) and I see you as being a member of hte org, so you have clearly signed in before... so that says that everything should be working. I'll cc in one of our IAM admins to take a look. (Jake - any thoughts, or troubleshooting steps?)

As to your access to mozilla-sre-deploy - that team is maintained by Brett Kochendorfer - Brett, any concerns with adding Sen?

Flags: needinfo?(jwatkins)
Flags: needinfo?(bkochendorfer)

No concerns here Sen is cool

Flags: needinfo?(bkochendorfer)

Was not a "Cool" Check. We're all pretty snazzy here. Thank you!

I note the approval, but I'm holding off on sending the invites until we hear from the IAM side of things, as anything I do to add you to mozilla-sre-deploy may get hung up in whatever other problems there are.

Will leave this open until we hear from our IAM friends. And then we'll get the invites out for mozilla-sre-deploy.

From the Auth0 side, I do not see any problems with the authentication. The user is successfully authenticating and being authorized to github. It seems like github is not accepting the SAML payload. I would suggest trying to log in via a private web session. If the saml exchange is successful, then try logging out of SSO and github completely before logging back in. If it isn't, successful with in the private session, then we need to dig further into why github is rejecting the SAML exchange.

From the Auth0 logs:

{
  "date": "2024-01-08T20:38:31.380Z",
  "type": "s",
  "connection_id": "",
  "client_id": "vkoDkHlCEUhlHNhVDtewJqRLVLGVsPrZ",
  "client_name": "GitHub Enterprise - mozilla-fakespot",
  "ip": "96.255.235.98",
  "user_agent": "Firefox 121.0.0 / Mac OS X 10.15.0",
  "details": {
    "prompts": [],
    "completedAt": 1704746311376,
    "elapsedTime": null,
    "session_id": "n40PvXYnEm9GaMPkVLjYJtzfEBv8YMWQ"
  },
  "hostname": "auth.mozilla.auth0.com",
  "user_id": "ad|Mozilla-LDAP|stian",
  "user_name": "stian@mozilla.com",
  "log_id": "90020240108203831445490000000000000001223372036870229659",
  "_id": "90020240108203831445490000000000000001223372036870229659",
  "isMobile": false,
  "id": "90020240108203831445490000000000000001223372036870229659",
  "description": "Successful login"
}
Flags: needinfo?(jwatkins)

So, to log out of sso - https://sso.mozilla.com/logout is your friend.

Github logout should be just clicking your avatar and selecting logout.

And there doesn't appear to be anything systemically wrong, as I'm logging into many orgs, including fakespot, without this concern.

Sen, let us know the results of trying things in a private window, and logout/back-in.

Flags: needinfo?(stian)

Hi Jake and Chris,

Thank you for the help.

I can confirm that with a private window, I'm able to login. I also tried to use another browser (Chrome), and it works well.

But for some reason, in Firefox (regular window), even by logging out completely from SSO and Github, I still get the same error. I have a lot of tabs opening, so I can't restart Firefox now. I will do that later when I get the chance.

I think we can close this ticket, since the remaining issue is on my end.

Thank you again.

Sen

Flags: needinfo?(stian)

Well, we can't close, as I haven't given you the invites to the mozilla-sre-deploy org yet ...
As part of the firefox restart - be sure to clear cookies/cache .

You will be getting two invites. First from people.m.o invites to the group ghe_ORGNAME_users - please accept this before proceeding.
Next, from GitHub to whatever email address you have associated with your GitHub account. The invites to the ORGNAME org(s) - once you accept these and sign into GitHub you'll be a member of the org(s), and the requested teams.

If you can't find that GitHub invite, go to the following link and next to the desired organization name, there should be an option to accept an invite. https://github.com/settings/organizations

Note that invites expire after a week, and so if you need things re-sent please update this bug.

Once you’re signed into the org, there may be some changes you need to make if you use PAT/SSH/gh cli/other-tools - directions for that live here: https://wiki.mozilla.org/GitHub/GHE_SAML_User_FAQ#Alright.2C_I.27ve_SAML.27d_what_now.3F

Please let us know if there's any questions or concerns

(And with that, I'll close - feel free to comment/update/reopen if there are problems with this request.)

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.