Mozillians.org and SSO login issues

500
mozillians
login
(Michal Stanke) #1

Hi.

For better security of my account, I wanted to use better authenticated accounts to with my Mozillians profile. I went to my Mozillians profile settings and added Github and Google as new identities, but now I am facing several issues.

First my personal e-mail from Github is not exposed on the Mozillians profile, which is not meant to be. I use a different one for my Mozilla contributions. I have tried to change it on Github and add the identity again, but it did not helped.

After logging off my LDAP login does not work here again. I am always getting: “Access Denied. The username you have entered cannot authenticate with Duo Security. Please contact your system administrator.”.

After logging on with my Github (needed to set the default e-mail back to the personal one again), I cannot get to my profile settings - always getting a 500 error.

(Meteor) #2

Me too.

(Henrik Mitsch) #3

Hi @meteor,

can you please log in to https://login.mozilla.com/ and configure MFA (multi-factor authentication) for your volunteer LDAP account?

Please let us know if this works and if it solves your problem?

Best regards,
Henrik

(Archaeopteryx) #5 
"Start setup" fails with
Content Security Policy: The page’s settings blocked the loading of a resource at https://api-4b043da5.duosecurity.com/frame/enroll...

This LDAP auth change also affects my account for managing the code trees. Once the cached session expires, I will have to login but not be able to do so, and won’t be able to close trees, star jobs, request new jobs etc. Please make this issue a priority.

(John Giannelos) #6

Hey @mstanke! Regarding the 500 error, it should be fixed after this gets pushed to prod:
https://github.com/mozilla/mozillians/pull/1940

Sorry for the inconvenience.

(Meteor) #7

@hmitsch I am OK now. Thanks.

(Henrik Mitsch) #8

Hi @Archaeopteryx,

we made this a priority and you should be able to log in again. Can you confirm?

Best regards,
Henrik

(Henrik Mitsch) #9

@meteor just to be on the safe side: Did you successfully enroll in DUO multi-factor auth?

(Irvin Chen) #10

@hmitsch I seems to accidentally created another Mozillians account when trying to login with Github.

Now when I try to link the current account to Github, it said “Account verification failed: Identity already exists.”.

If I try login to the dummy account, it still stop at this account creating step:
https://mozillians.org/en-US/user/edit/

How can I delete the new one? Should I finish creating the new one and try delete it?

(John Giannelos) #11

@irvin This will work.

(Irvin Chen) #12

finish create new one and delete it does works, thanks!

(Michal Stanke) #13

Hi @hmitsch.

I have tried to set up 2FA too, but when I click the “Start setup” button, nothing happens. In the browser console I see some CSP errors and 404 request error printed there.

(Michal Stanke) #14

Thanks @johngian, I can now get to the profile settings. How can I now change the identity displayed below my picture on the profile page, to show my @mozilla.cz address instead the personal one?

(Archaeopteryx) #15

Thank you Henrik, now the login works for me.

(Meteor) #16

Yes. I successfully enroll in DUO multi-factor auth.

(John Giannelos) #17

Under Settings > Profile Identities there is a Show on profile button. The identity you choose is going to appear as an email for your profile.

(Michal Stanke) #18

Thank you. The UX is a bit messy and nonintuitive, but I have found it. :wink:

(Tom Schuster) #19

I get:

Sorry, you may not login using GitHub. Please instead always login with LDAP.

(Henrik Mitsch) #20

@evilpie do you have a Volunteer LDAP account? If yes, please use LDAP to authenticate with.

Does this work for you?

Best regards,
Henrik

(Michal Stanke) #21

I have tried even in Chromium now, but does not work there either, so it’s probably not a browser issue.