How to set up google apps openId account for Gerrit
I am trying to tune Gerrit
in OpenID
as access control. I need mine google apps account
to be used as openID. I tried a couple of ways to achieve this, but not consistent yet. This is what mine looks like gerrit config
:
[auth]
type = OPENID
allowedOpenID = 'https://www.google.com/accounts/o8/site-xrds?hd=mysite.com'
In the above configuration, when I try to login, I get an error Provider is not allowed
.
It works fine with a regular account google
, but not with google apps account
. I've already read a lot of posts on developer sites stackoverflow
and Gerrit
but nothing worked for me. Any help is appreciated.
EDIT:
The problem was the use of single quotes '
around the url. Howerver now has a new question: as soon as I log in and return to my site, it says:The page you requested was not found, or you do not have permission to view this page
URL redirected mysite.com/#SignInFailure,SIGN_IN,Provider+not+allowed
. Any idea?
source to share
After some searching and reading the documentation, I came across this commit . I tried it in Gerrit 2.7-rc1 and it worked.
Your gerrit config should contain the following:
[auth]
type = OPENID
trustedOpenID = https://www.google.com/accounts/o8/id?id=
openIdDomain = @mysite.com
This allows me to log in using any OpenID-enabled email address on the mysite.com domain and disallows others. Note that "@" should be where it doesn't work without it .; -)
Additionally, if you want to allow Google as an OpenID provider, you can set the following to skip the OpenID provider selection:
[auth]
type = OPENID_SSO
openIdDomain = @mysite.com
openIdSsoUrl = https://www.google.com/accounts/o8/id
The documentation for Gerrit 2.6 also contains this information.
source to share