← Back to team overview

mahara-contributors team mailing list archive

[Bug 1533377] Re: Remove Persona (browserid) auth plugin by Nov 2016, because Mozilla is ending Persona support

 

Okay, it's coming up on the 16.10 release, and it looks like no
particular service is taking over for Mozilla Persona, so we'll need to
go ahead with our plans to decommission the plugin. I think probably the
best use of our current resources is to do a minimal implementation that
moves all the users over to Internal auth. It would look something like
this:

1. On the Browserid extension config page, we add a button that
initiates the migration

2. It deletes any browserid auth instances that have no users.

3. For the other browserid auth instances, it sets the "no current
password" flag on their user record (which is '*' in the usr.password
and usr.salt fields), and reassigns them to their institution's internal
auth instance. If their institution doesn't have an internal auth
instance, it creates one.

These users can then use the "Forgot password" page to request a new
internal auth password. The site admin can instruct them to do this by
manually sending out an email or updating the logged-out homepage.

Or I guess an even more minimal implementation would be to just tell
affected site admins to migrate the users to a different auth instance
manually.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1533377

Title:
  Remove Persona (browserid) auth plugin by Nov 2016, because Mozilla is
  ending Persona support

Status in Mahara:
  Confirmed

Bug description:
  Mozilla has recently announced that they're ending support for the
  Persona authentication service, in November 2016.:
  https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers

  Mahara has long shipped with a Persona (formerly "Browserid") auth
  plugin. We'll need to remove this plugin from the 16.10 release, and
  come up with a way to help existing sites migrate their users away
  from Persona.

  We should also consider how to help out the stable release sites in
  migrating users away from Persona. The Nov 2016 shutdown will be very
  close to the 16.10 release date, so asking sites to upgrade to 16.10
  to use any migration tool will be fairly demanding, particularly since
  15.04 will still be covered by its extended support lifetime. So for
  15.04, 15.10, and 16.04 sites, an optional Persona migration plugin is
  probably the best option. That way the functionality will be available
  to sites that need it, without shipping new features in minor
  upgrades.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1533377/+subscriptions


References