Build in native Persona auth for phonebook.mozilla.org

RESOLVED WONTFIX

Status

Infrastructure & Operations
Infrastructure: Tools
4 years ago

People

(Reporter: jakem, Assigned: rtucker)

(Reporter)

Description

4 years ago
As part of our Persona SSO project, one of the sites we'd like to convert to use Persona authentication is phonebook.mozilla.org.

This is a PHP app, which (AFAIK?) is not based on any framework.

We currently do auth at the Apache level, using HTTP Basic Auth over SSL, tied into LDAP.

We are working on a similar Apache module for Persona, but that project is somewhat stalled, and ultimately we'd prefer native/direct Persona auth anyway.

The only requirement is that we attempt to limit it to the same group of people that are currently able to use Phonebook. That means it should reject anyone that is not @mozilla.com, or any other email address that is routed through our Persona IdP (@mozillafoundation.org, at least, should also be allowed). We may need to make an exception to allow @mozilla.org people, for example, even though that doesn't go through the IdP+LDAP.


Resources that may help:

https://developer.mozilla.org/en-US/docs/Mozilla/Persona
https://github.com/mozilla/browserid-cookbook/blob/master/php/persona.php

Let me know if you have any questions! Of course we'll test it out in dev/stage before doing prod. :)
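Added example (not part of the bug report and not Phonebook's code): one way to enforce the domain restriction requested above on a decoded Persona verifier response, using exact domain matching rather than suffix tests. The `EXPECTED_AUDIENCE` value, the function names and the sample responses are assumptions; `status`, `email`, `audience` and `reason` are fields of the response returned by Persona's remote verification API.

```php
<?php
// Added example: not Phonebook's code. Domains come from the bug description;
// @mozilla.org is left out because the description lists it only as a possible exception.
const ALLOWED_DOMAINS = ['mozilla.com', 'mozillafoundation.org'];
// Assumption: the origin the site passes to the verifier as its audience.
const EXPECTED_AUDIENCE = 'https://phonebook.mozilla.org:443';

/** True only if $email has exactly one '@' and its domain is on the list. */
function phonebook_email_allowed(string $email, array $allowedDomains): bool
{
    $parts = explode('@', $email);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return false;
    }
    // Exact, case-insensitive match: suffix or substring tests would accept
    // look-alikes such as "notmozilla.com" or "mozilla.com.example.net".
    return in_array(strtolower($parts[1]), $allowedDomains, true);
}

/** Returns the normalized email to start a session for, or null to reject. */
function phonebook_authorize(array $resp): ?string
{
    if (($resp['status'] ?? null) !== 'okay') {
        return null;                      // verifier rejected the assertion
    }
    if (($resp['audience'] ?? null) !== EXPECTED_AUDIENCE) {
        return null;                      // assertion was issued for another site
    }
    $email = $resp['email'] ?? null;
    if (!is_string($email) || !phonebook_email_allowed($email, ALLOWED_DOMAINS)) {
        return null;
    }
    return strtolower($email);
}

// Constructed verifier responses (not real data).
$ok = ['status' => 'okay', 'audience' => EXPECTED_AUDIENCE];
$samples = [
    'staff'          => $ok + ['email' => 'Someone@Mozilla.com'],
    'foundation'     => $ok + ['email' => 'someone@mozillafoundation.org'],
    'look-alike'     => $ok + ['email' => 'someone@notmozilla.com'],
    'suffix trick'   => $ok + ['email' => 'someone@mozilla.com.example.net'],
    'wrong audience' => ['status' => 'okay', 'audience' => 'https://other.example:443', 'email' => 'someone@mozilla.com'],
    'failed verify'  => ['status' => 'failure', 'reason' => 'constructed failure'],
];
foreach ($samples as $label => $resp) {
    printf("%-16s %s\n", $label, phonebook_authorize($resp) ?? 'REJECT');
}
```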
(Assignee)

Updated

4 years ago
Assignee: infra → rtucker
cn=phonebook_access,ou=groups,dc=mozilla may be of use here.
(Assignee)

Comment 2

4 years ago
Per decision in other bugs, this is a WONTFIX now
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX