New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSO Preview Phase #1439
Comments
Also if you're using hosted Sentry, use Google Apps, and are interested in participating in the preview phase of this, please let us know either here or hit us up via hello@. If you're using self-hosted, and are interested in the enterprise offering (which will include a number of SSO providers), we're also happy to get you into the preview phase. |
bb5b6b0 adds support for the first half (though emails aren't finished yet) |
7cb7c6e ensures sso:valid is reset |
d8e9218 adds invite emails |
65264ee automatically sends link emails when sso is setup 68b0d6a adds a button on auth configuration to send reminder emails to pending links |
91444f1 adds loading indicator to send invite link |
3bf362d adds default membership controls on the backend |
b48276b blocks all API access to unlinked members (this might cause issues) |
0c27304 implements the start of "you need to link your account" It refactors the base views to redirect members who are logged in but missing SSO link to the appropriate page. It also means that the user can still view the organization, but we're relying on the other views/code to enforce permissions rather than the queryset helpers. |
offline sync was landed, as well as various session validation code. Right now offline sync tries hourly, and session expiration is every 24 hours |
I'm working on deploying a hosted copy of sentry. I've got LDAP integration working, but It appears the SSO integration may be preferable long term. I'm willing to do the work to make LDAP function as an SSO provider for an organization. |
@ChadKillingsworth i would stick with that for now. We're not done with core-SSO support, and the LDAP offering will actually be only for our enterprise product only (it's not being open sourced). It absolutely will be better than the django-ldap stuff, but it won't stop what you have from working. |
@twelvelabs SSO is unreleased to the general public at this time. The feature you're looking at it will likely be completely removed as it doesn't provide much value. |
@twelvelabs I assume @dz relayed our conversation. We're going to kill that feature that you mistakenly hit very soon. It's our legacy "login with a random account" system. |
@dcramer yeah, but unfortunately now we're all getting locked out of Sentry now. When I turned on Google Apps login, I and a number of people were listed as having our accounts connected and were able to login. Now we're all getting an auth modal w/ an error message: Clicking 'Login with Google' returns us back to Sentry w/ a 500 error. The error id for me was |
52569f0 adds the backend feature to support SSO-optional access |
a6121ce adds UI to toggle SSO requirement |
Closing this out as SSO is mostly done |
The basics for the SSO framework have landed in master, and now we need to expand on a few things.
Specifically, we need to target the tighter security controls around membership.
There are also next to no tests so it's a painful manual QA process atm. We should fix this by building a dummy SSO provider in the test suite (i.e. something that just redirects back) and create an integration test suite out of it.
The text was updated successfully, but these errors were encountered: