Afaik some sites use OpenID login through the person’s social account (Google or Facebook) but so far no site has asked me to type an OpenID.
I wonder how this works with paste.opensuse.org? Where do I get such an ID? And how does this login security work without password?
Hi
There is no login required to use paste.opensuse.org, I would imagine that’s the web site administrator login, but it’s a third party site, so you need to ask them…
I know it is not required. But I thought a login could probably give additional features such as being to manage pasted data.
Who is “them” and how do I find contact details?
It’s an opensuse.org site, so use contact details as follows…
https://en.opensuse.org/openSUSE:Communication_channels#Contact_Info
Hi
Just to clarify, it’s a private instance since it’s not hosted by openSUSE Infrastructure… but run by Miska, an openSUSE Community Member 
Right, so Michal Hrušecký…?
So some other things happened with openSUSE Paste so I want to inform you about the current situation. We have http://susepaste.org address, right? So from yesterday, we also have http://paste.opensuse.org. Same computer, same IP, just different name if you prefer the other one. As it is the same thing as susepaste.org, links are interchangeable. So you can post something to susepaste.org and send link to paste.opensuse.org or vise versa. Just replace the first part of the url
It would be useful if there were contact details accessible directly from that site IMHO.
If you click on “login” near the top right, there’s a drop down, with a space to enter openid. I suppose you type in your gmail address or facebook or something. I didn’t actually try to login.
If I were to hazard a guess, the OpenID functionality is there, but not wired to anything (ie non-functional).
Info about the owner of the openSUSE pastebin is there in the incredibly fine print
https://www.openhub.net/p/opensuse-paste
The code is apparently a fork of the stikked project (The link from the openSUSE pastebin site doesn’t work) here
https://github.com/claudehohl/Stikked
I skimmed the stikked documentation but not the project files for anything that might reference OpenID, but didn’t find anything. If anyone wants to deploy OpenID, it looks like they’ll have to do that himself (although apparently there is now LDAP support in a LAN).
Curiously, I skimmed the OpenID documentation and see that a couple years ago (actually 2014) there was a major architectural change from OpenID 2.0 which was based on Oauth 2.0 to something called “OpenConnect” but even their documentation seems to be missing a lot of stuff I’d normally expect. Probably anyone wanting to actually understand this “OpenConnect” would need to study implementation examples.
http://openid.net/connect/
http://openid.net/connect/faq/
Bottom line, although the openSUSE pastebin “login” suggests using OpenID, I doubt it works at all.
TSU
That’s what I’ve been thinking too.
In other words, raising a Bug Report against “Product: openSUSE.org” and “Component: Infrastructure” also wouldn’t help to resolve this issue.
On Wed, 26 Apr 2017 02:46:02 +0000, tsu2 wrote:
> Curiously, I skimmed the OpenID documentation and see that a couple
> years ago (actually 2014) there was a major architectural change from
> OpenID 2.0 which was based on Oauth 2.0 to something called
> “OpenConnect” but even their documentation seems to be missing a lot of
> stuff I’d normally expect. Probably anyone wanting to actually
> understand this “OpenConnect” would need to study implementation
> examples.
OpenID Connect (OIDC in some circles) is something that’s used in
conjunction with OAuth authentication servers to provide SSO capabilities
for web applications (in my day job, I work for a company that implements
this - though I’m not in the software development organization).
If the login on paste.o.o isn’t wired to anything, there’s nothing a
normal user can do to enable it - a site admin needs to provide
information about the Identity Provider (IdP) to the application in order
for it to leverage the OIDC authentication flow.
Basically what OIDC and OAuth 2.0 allow for is an external identity
provider to be used to generate an authentication token. That token can
be generated using username/password credentials, 2FA, or other
authentication mechanisms.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
On Wed, 26 Apr 2017 00:26:02 +0000, nrickert wrote:
> I suppose you type in your gmail address or
> facebook or something.
That would only work if the site is set up with one of those
authenticators as an IdP. If it’s not set up, it won’t work.
Doesn’t look like it’s set up - it’s probably embedded in the openSUSE
skin stuff, but without config on the backend, it won’t work for anything.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
I guess this would be of some interest
by logging in, you can paste things that the spam detection would otherwise block (for example something that includes 10
links).
And to answer the initial question: It’s an openID login.
If you want to use your openSUSE account, you can enter
Ipsilon
in the login field on paste.o.o/susepaste.org.
This will redirect you to a login page (id.opensuse.org [1]) where you
can login with your openSUSE (bugzilla/wiki/OBS/…) login. You’ll then
see you which of your account data will be relayed to
paste.opensuse.org. Allow that, and you are logged in.
Note: The login page doesn’t look openSUSE’ish yet because we had to
switch over in a hurry (“fun” with MF-IT) - but that’s another story
If you are interested in details, see
https://status.opensuse.org/incidents/232 and the ticket mentioned
there.
In theory you can also use another openID provider of your choice to
login on paste.o.o, but I never tried that.
Regards,
Christian Boltz
[1] The domain name might change to prevent a name clash with a possible
future indonesian wiki - but that’s just a technical detail.
Of course, URL to openSUSE ID provider may change in future (just like it has changed recently), but that should work today. Works for me
