Hello all,

As some of you noticed, FreeIPA wiki authentication via OpenID was
broken in the last days. I suspect (but did get reply from Patrick who
running the Fedora infra yet) that it was caused by Fedora moving to
mode modern authentication protocol, i.e. from OpenID to OpenID Connect

Unfortunately, I cannot make the OIDC login for our current FreeIPA
instance available, given that our wiki runs on OpenShift v2 which uses
PHP 5.3.3 cartridge, which can get us only as far as to Mediawiki 1.26.
OIDC mediawiki authentication plugin is supported from 1.27 forward.

So the wiki needs to be either:
- migrated to newer PHP cartridge on current Red Hat OpenShift v2 instance
- migrated to OpenShift v3 (preferred)
to unblock us from this situation and get to proper OIDC authentication.

However, this will need more time and preparation (which I do not even
have right now). For now, I simply disabled OpenID authentication in our
wiki and enabled password logins again! Anonymous account creation is
disabled to avoid spammers. However, given that we now enforce people to
be in a special group (editors) to fight the spammers, there is actually
no big functionality lost in this, except having to use yet another

To summarize, if you want to access the wiki again, please use the
password you may have had before we migrated to Fedora OpenID. If you do
not have the password yet, you should be able to simply reset it before
logging in and you should get an email (the mail part did not work for
martbab this afternoon, though). In the worst case, I can reset the
password for you, just shoot me an email.


Martin Kosek <mko...@redhat.com>
Manager, Software Engineering - Identity Management Team
Red Hat, Inc.

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to