How do I configure the openIdconnect plugin in Tuleap?

Question

I'm trying to configure the openIdconnect plugin in the Tuleap. I have a CAS service keycloak and in Tuleap I installed the plugin and created a provider, then I put the urls to authorization, token and user info. But when I enter with a login and password (with success) in the CAS service the redirection to tuleap don't find a user and go to /account/login again.

I wanted the user was authenticated following the flow that is shown on the Tuleap Guide aboute User Authentication.

Does anyone knows why?

Do you already have an account on Tuleap (that should be mapped to your OpenID identity) or should it be a new account ? — Manuel VACELET, Sep 28 '16 at 08:49
Yes I have an account on Tuleap, but how can I mapped it with OpenID identity? Thanks. I'm new in Tuleap :D — Franco Neto, Sep 28 '16 at 12:47
Does it should be a new account too? In case if I don't have an account created? thanks — Franco Neto, Sep 28 '16 at 13:12

score 0 · Answer 1 · answered Sep 28 '16 at 13:25

0

Once your OpenIDConnect authority identified you and have redirect you to the Tuleap server you can face 2 situations:

If the OpenID user is already know on Tuleap, the login is done automatically
If the OpenID is not known, you have 2 options: associate with an existing account or create a new account.

If you already have an account on Tuleap and want to associate this account with the OpenID identity, you will be asked to login with your Tuleap account (so we ensure you own it). Once it's done, you no longer have to enter your password anymore.

If it's your first time on Tuleap, you will be asked to fill some informations to create your account (including a password because you might need it if you want to do git or svn). Once the account is created, for web login, you will only need to use the OAuth button.

answered Sep 28 '16 at 13:25

Manuel VACELET

349
2
7

But the problem Manuel is that when I logged on CAS server the redirect to Tuleap don't give me this options above the redirect go to the page for example, "/plugins/openidconnectclient/?state=Ysdhasd...." and show the message "Request seems invalid, please retry." and redirect to page login again. Sorry but I do not understand what is wrong can. – Franco Neto Sep 28 '16 at 13:59
Which version of Tuleap are you using ? – Manuel VACELET Sep 28 '16 at 14:39
Version 8.15.99.69 – Franco Neto Sep 28 '16 at 14:51
How, that's old, there was a couple of fix in 8.17 release cycle so I strongly suggest that you update Tuleap first – Manuel VACELET Sep 28 '16 at 14:56
Ok I will update and test. – Franco Neto Sep 28 '16 at 15:06
Manuel I has this error now "Unexpected error when handling authentication request to identity provider." – Franco Neto Sep 28 '16 at 21:21
It's likely to be a bug then, could you fill a bug there so we can further the troubleshooting: https://tuleap.net/plugins/tracker/?tracker=140&func=new-artifact – Manuel VACELET Sep 29 '16 at 07:05
It wasn't a BUG. I followed the steps said by Thomas but the error continued. The request is #9527. – Franco Neto Sep 30 '16 at 14:48

How do I configure the openIdconnect plugin in Tuleap?

1 Answers1