Opened 4 years ago

Last modified 4 months ago

#12750 new enhancement

Simple user login with one profile

Reported by: dsjonny Owned by: haiku-web
Priority: normal Milestone:
Component: Website Version:
Keywords: Cc:
Blocked By: Blocking: #15149, #15204
Has a Patch: no Platform: All

Description

It would be better and useful if the user's would have only one account for all Haiku "component" instead of registering a separate account for each Haiku page (like haiku-os.org, Trac, Pootle, User Guide, HaikuDepot).

I have registered (or try to register) for every Haiku site and Haiku depot, but if I want/need to change a password or e-mail I need to do this on everywhere.

If we have only one account for Haiku, than the user is registering at haiku-os.org and got access for all the other site. And the user management would simple too.

Change History (6)

comment:1 by richienyhus, 4 years ago

Something I have been promoting for a number of years. Here is a last edit of my last email on the matter:

I think we should set up Enterprise level account management, and since we are now not using bitbucket, we can look at open source identity and access management solutions.

There are a number of options available such as:

This would give us single sign-on (one login for all Haiku websites), enterprise level security and easier user management. Check out Ubuntu's and Fedoras' implementations of this type of system. The only things that wouldn't be covered would be IRC, the MLs, and of course Github.

comment:2 by JohnGoold, 12 months ago

This is clearly the correct approach. In my opinion that is not debatable.

However, since the enhancement request has been sitting here for years, perhaps a relatively easy intermediate step could be taken (some parts of this have been submitted by other people in other tickets):

Rationalize the rules across all the Haiku websites. That is, allow a person to use the same User-Id and Password across all of them. This is currently awkward as there are different "rules" for the formation of User-Ids and passwords for different sites as I found out when I first attempted to register for dev.haiku-os.org (I was unable to use the User-Id and Password that I used for discuss.haiku-os.org).

Get rid of any silly password restrictions. It is unbelievable that a password containing ONE upper-case letter, one digit and several special characters that is 16-characters long is not accepted!

Spell out the restrictions on User-Ids and Passwords in guide text that can be seen on the registration screen.

comment:3 by kallisti5, 4 months ago

Blocking: 15204 added

comment:4 by kallisti5, 4 months ago

Closing #15204 as a duplicate of this one.

Here's a comment I made there:

While rolling out Gerrit, I did consider going with a locally hosted unified auth solution. However our resources are limited and github had a low bar to entry (all of our developers had github accounts)

I don't see an easy way to "use trac accounts" given the way trac works. (I also don't trust Trac to hold all of our sensitive user data). We might be able to deploy an ldap server and migrate to it as a common data source for user accounts, however "moving existing accounts over to ldap" is a tricky procedure, we would need to import the accounts and offer some kind of self-service to reset passwords. We would also need to fill GDPR requirements while we're at it.

With all of that said, we have quite a few other *large* projects in flight (builbot repairs / replacement, online.net iSCSI being sketchy) which have the potential of blocking R1 / R1 Beta 2 if not done. The priority of this one is low at the moment.

comment:5 by kallisti5, 4 months ago

Also, i'm actually trained at Forgerock (DS,IDM,AM). It's horrible. -100

Last edited 4 months ago by kallisti5 (previous) (diff)

comment:6 by waddlesplash, 4 months ago

Blocking: 15149 added
Note: See TracTickets for help on using tickets.