tickets #162650: RFC: Disable lists.o.o social auth - openSUSE admin - openSUSE Project Management Tool

Custom queries

Events of the openSUSE Heroes
my assigned stuff
obs-admin-tickets
openQA Infrastructure Project
openqa-review - Closed tickets last updated by openqa-review, last 30 days
QA roadmap long-term
QA SLE functional
QA SLE Functional - closed in last 14 days
QA SLE Functional - High, need to be refined
QA SLE Functional - over cycle time median
QA SLE u
QA SLE y
QA tools (tag not necessary in openQA and subprojects)
QA tools tag (tag not necessary in openQA and subprojects; excluding tickets in "Ready" version as they are already on the backlog)
QAC - Backlog
QE tools team - backlog (dev)
QE tools team - backlog (ready issues)
QE tools team - backlog SLA high
QE tools team - backlog SLA immediate
QE tools team - backlog SLA no immediate/urgent in feedback/blocked
QE tools team - backlog SLA normal
QE tools team - backlog SLA urgent
QE tools team - backlog SLO high
QE tools team - backlog SLO normal
QE tools team - backlog SLO urgent
QE tools team - backlog, high-level view (epics and higher)
QE tools team - backlog, non-reactive work, needs parent
QE tools team - backlog, top-level view (all sagas)
QE tools team - closed within last 14 days
QE tools team - closed within last 60 days
QE tools team - closed yesterday
QE Tools Team - Collaborative Session
QE tools team - due date forecast
QE tools team - exceeding due-date
QE tools team - infrastructure backlog
QE tools team - next - sorted by update time
QE tools team - next issues
QE tools team - non-estimated (unblocked) issues (dev)
QE tools team - non-estimated (unblocked) issues (infra)
QE tools team - ready issues - Workable
QE tools team - ready, not assigned/blocked/low
QE tools team - SLO high forecast
QE tools team - update forecast
QE tools team - updated by priority
QE tools team - what members of the team are working on - Feedback (not-low)
QE Tools Team Backlog By Assignee
Tools Team Retrospective
Tools Team Retrospective (not estimated or assigned)

Actions

Copy link

tickets #162650

open

RFC: Disable lists.o.o social auth

Added by crameleon 27 days ago. Updated 5 days ago.

Status:

Workable

Priority:

Normal

Assignee:

crameleon

Category:

Mailing lists

Target version:

Start date:

2024-06-20

Due date:

% Done:

Estimated time:

Description

All of our other public services only allow for login using SUSE IDP credentials.
To unify the lists.o.o setup and to reduce spam originating from third party accounts I propose to disable all other login connectors in HyperKitty. This would be announced two weeks in advance to heroes@ and project@, giving people who relied on the social auth feature before time to switch. No migration procedure will be provided.

History
Notes
Property changes

Actions

Copy link

Updated by crameleon 27 days ago

Private changed from Yes to No

Actions

Copy link

Updated by crameleon 27 days ago

Description updated (diff)

Actions

Copy link

Updated by cboltz 27 days ago

I like the idea, and hope it really helps to get rid of the spammers.

I'd even say that announcing the change two weeks in advance is superfluous, given how easy it is to create an account.

Actions

Copy link

Updated by crameleon 10 days ago

Status changed from New to In Progress
Assignee set to crameleon

Announcement draft prepared and feedback requested:

lists.opensuse.org social auth deprecation

Hi everyone,

all of our public openSUSE services use the SUSE IDP [1] system for authentication. The mailing list web interface on https://lists.opensuse.org (running HyperKitty) is currently an odd one out by additionally offering authentication through various third party authentication systems (GitHub, GitLab, Stack Exchange, ...).
In order to unify the setup, and to reduce spam originating from "foreign" accounts, we will remove this "social auth" functionality and disable accounts using it.

If you are using lists.opensuse.org with such a third party account (i.e. you are clicking any button other then "openSUSE" after "Sign In" on https://lists.opensuse.org), please unsubscribe from any mailing lists and subscribe again using your SUSE IDP [1] account.

If you have never logged in to the lists.opensuse.org web interface, you can likely ignore this message.

This effort is tracked via https://progress.opensuse.org/issues/162650.

The change will happen after 2024-07-14.

Cheers,
Georg

[1] The SUSE IDP system is the common login system used for most *.opensuse.org web services. Accounts can be managed on https://idp-portal.suse.com/.

Actions

Copy link

Updated by crameleon 5 days ago

Status changed from In Progress to Workable

Upon discussion with @cboltz, people shouldn't need to unsubscribe and re-subscribe, but adding an email address to an account requires it to not yet be assigned to any existing account.

Furthermore it was found that many users use the generic OpenID login to authenticate with their SUSE IDP account, instead of using the native button. These would also need to switch and require consideration in the announcement (or require administrative migration in the database).

Hence this seems to be more involved than anticipated.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

openSUSE admin

Tags

Custom queries

tickets #162650

RFC: Disable lists.o.o social auth

Updated by crameleon 27 days ago

Updated by crameleon 27 days ago

Updated by cboltz 27 days ago

Updated by crameleon 10 days ago

Updated by crameleon 5 days ago