Closed Bug 908801 Opened 11 years ago Closed 11 years ago

Build in native Persona auth for phonebook.mozilla.org

Categories

(Infrastructure & Operations :: Infrastructure: Tools, task)

Product:
Infrastructure & Operations
Component:
Infrastructure: Tools
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: nmaul, Assigned: rtucker)

References

(
URL
)

Details

As part of our Persona SSO project, one of the sites we'd like to convert to use Persona authentication is phonebook.mozilla.org.

This is a PHP app, which (AFAIK?) is not based on any framework.

We currently do auth at the Apache level, using HTTP Basic Auth over SSL, tied into LDAP.

We are working on a similar Apache module for Persona, but that project is somewhat stalled, and ultimately we'd prefer native/direct Persona auth anyway.

The only requirement is that we attempt to limit it to the same group of people that are currently able to use Phonebook. That means it should reject anyone that is not @mozilla.com, or any other email address that is routed through our Persona IdP (@mozillafoundation.org, at least, should also be allowed). We may need to make an exception to allow @mozilla.org people, for example, even though that doesn't go through the IdP+LDAP.


Resources that may help:

https://developer.mozilla.org/en-US/docs/Mozilla/Persona
https://github.com/mozilla/browserid-cookbook/blob/master/php/persona.php

Let me know if you have any questions! Of course we'll test it out in dev/stage before doing prod. :)
Assignee: infra → rtucker
cn=phonebook_access,ou=groups,dc=mozilla may be of use here.
Per decision in other bugs, this is a WONTFIX now
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.