tickets #162650
open
RFC: Disable lists.o.o social auth
Added by crameleon 5 months ago.
Updated 3 months ago.
Description
All of our other public services only allow for login using SUSE IDP credentials.
To unify the lists.o.o setup and to reduce spam originating from third party accounts I propose to disable all other login connectors in HyperKitty. This would be announced two weeks in advance to heroes@ and project@, giving people who relied on the social auth feature before time to switch. No migration procedure will be provided.
- Private changed from Yes to No
- Description updated (diff)
I like the idea, and hope it really helps to get rid of the spammers.
I'd even say that announcing the change two weeks in advance is superfluous, given how easy it is to create an account.
- Status changed from New to In Progress
- Assignee set to crameleon
Announcement draft prepared and feedback requested:
lists.opensuse.org social auth deprecation
Hi everyone,
all of our public openSUSE services use the SUSE IDP [1] system for authentication. The mailing list web interface on https://lists.opensuse.org (running HyperKitty) is currently an odd one out by additionally offering authentication through various third party authentication systems (GitHub, GitLab, Stack Exchange, ...).
In order to unify the setup, and to reduce spam originating from "foreign" accounts, we will remove this "social auth" functionality and disable accounts using it.
If you are using lists.opensuse.org with such a third party account (i.e. you are clicking any button other than "openSUSE" after "Sign In" on https://lists.opensuse.org), please unsubscribe from any mailing lists and subscribe again using your SUSE IDP [1] account.
If you have never logged in to the lists.opensuse.org web interface, you can likely ignore this message.
This effort is tracked via https://progress.opensuse.org/issues/162650.
The change will happen after 2024-07-14.
Cheers,
Georg
[1] The SUSE IDP system is the common login system used for most *.opensuse.org web services. Accounts can be managed on https://idp-portal.suse.com/.
- Status changed from In Progress to Workable
Upon discussion with @cboltz, people shouldn't need to unsubscribe and re-subscribe, but adding an email address to an account requires it to not yet be assigned to any existing account.
Furthermore it was found that many users use the generic OpenID login to authenticate with their SUSE IDP account, instead of using the native button. These would also need to switch and require consideration in the announcement (or require administrative migration in the database).
Hence this seems to be more involved than anticipated.
- Assignee deleted (crameleon)