Github login on lab.libreho.st

I guess it’s a matter of ‘advertisement’: the current info says ‘Sign in with login.libreho.st’ and offers a ‘local’ username/password login interface – this one could be removed and replaced with a single SSO button that can advertise as login.libreho.st does. In this case it might even be advantageous to redirect Gitlab sign-in page directly to login.libreho.st, yes?

I understand where you’re coming from, but to “login with gitlab” you will then be redirected to keycloak automatically, as GitLab uses keycloak as its sole auth provider, meaning you enter the same flow but with an additional step, which might not add any value to the user experience and increase operational management overhead of the application and failure domain of authentication services.

I like the idea of somehow making the SSO (keycloak) more appealing to the target audience.

Correction: I forgot we have local login enabled so both work.

If no one is against it, let’s redirect auth to SSO directly?

We do that on some GitLab instances; that would make the user workflow easier.

Any user that exists only locally could then sign up and it would map their account so the risk of data loss or issues is low.

Anyone up for this, where do we vote on it?

I’d be happy to configure GitLab at git.coop to be used as a SSO server for libreho.st services if someone could let me know what would need to be done.

PS I’m replying by email as I’m unable to login here as the password reset appears not to work?

I’m not sure from your post what is your proposal. Can you make an unambiguous statement instead?

Add ‘Login from Github’ integration.

since we would lose an opportunity to send such users to GH alternatives already.

I’m interested in the ‘coming from Github already’.

I’m not concerned at all that the bulk of ‘open-source’ developers are on GH since most of them cannot make a difference between the former and free software in the first place. We’re interested in contributors who know the difference, so as to engage with them. The others will have to learn the difference first, probably by watching LibreHosters and sister projects mark this difference more clearly.

I suppose this is the kernel of it. I am concerned because I’m not interested in Librehosters becoming a sect where we dismiss ‘open source’ minded developers …

You’ve said they can learn by watching and that’s good but I’d rather they can automatically login and just talk with us on the issue tracker … that interaction has more impact. Why not also take advantage of this option? It’s an acceptable strategy in my mind …

Yes, they can just get another account but from my experience seeing people interact with git.coop, there is resistance to this, even from ‘our people’. See https://github.com/cotech/website/issues/93 and https://www.loomio.org/d/2BZ0CS9e/git-hosting-for-co-operators. I don’t speak for WebArchs but they now have the Github button: https://git.coop/users/sign_in.

Like, take for example the Anarchist federation https://www.vrijebond.org, they have a facebook page: https://www.facebook.com/vrijebond/. I am sure they had this argument internally - ‘should we add the facebook button’. Now my mother gets anarchism posts on her feed and I think it’s great! The Vrije bond continues to be radically anti-capitalist and maintains its integrity …

And while this discussion is potentially ‘going political’, I don’t want to block motivation for the other logins :cowboy_hat_face:

So this gives me some questions:

Are you using an SSO platform at the moment or will you be using us as an SSO provider in your gitlab instance?

I can assist you with the setup and support :slight_smile:

Related to the email issue, could you direct message me your email address and I will in the meantime debug :slight_smile:

Working on the mail issue, think I’ve found the source.

Are you using an SSO platform at the moment or will you be using us as an SSO provider in your gitlab instance?

The SSO GitHub login link was an unexpected side effect that resulted from creating and configuring the gitdotcoop account on GitHub to enable easier syncing of repos at the request of @decentral1se.

There is still a email domain whitelist for account creation at git.coop so I don’t think that any GitHub user can sign up for an account (feel free to test this and let me know if this isn’t the case!).

Related to the email issue, could you direct message me your email address and I will in the meantime debug :slight_smile:

I don’t believe you can start a private thread via email with Discourse so you would have to start that, I did post some more details in #librehosters-techtalk on Freenode.

I feel it’s a contradiction to encourage open anything by integrating with a closed platform.

Sorry I didn’t answer your question in my post above.

Are you using an SSO platform at the moment or will you be using us as an SSO provider in your gitlab instance?

There are currently no plans to use a SSO platform with git.coop.

I thought @decentral1se was suggesting using git.coop as a SSO provider for libreho.st — git.coop is only open for account creation by members of Webarchitects (you can join for £1 or more) and this is not due to change.

Ah right, yes that would work!

Let’s try it :slight_smile:

Can you make an OAuth application for libreho.st in gitlab and send me the details, token, url etc privately :)?

Yes, I think it’s better since we should not use direct app login from Gitlab anymore and only use SAML through the Keycloak.

Well, please read the previous conversation, and understand why it’s not acceptable for us to make visible a link to Microsoft. Since all 3 ‘acceptable’ identity providers accept GH logins, there’s no reason why we should not support them instead of Microsoft.

Being anarchist does not preclude having different strategies. Probably the Dutch AF has no serious sysadmin in their ranks and prefer to adopt a Marxist approach to gather a critical mass – hahaha. More seriously, what they do does not concern us.

Rather the opposite: librehosters were created as a political response to the GMAFIA oligarchy, so the position is political from day one.

Our strategy is to make visible what alternatives exist, not to support the enemy. If we say the enemy is the GMAFIA, then we do not make them visible. Supporting our friends makes much more sense, hence the will to put into visibility Framagit, Git Coop (and to a lesser extent, Gitlab, since it gathered most of the GH diaspora, despite being VC-funded core business, it remains the most serious global scale alternative to GH, until it is acquired by some other giant).

It should appear obvious to each of us that making our friends visible is a viable tactic, while making the enemy visible is suicidal since the latter don’t need us to be visible as they’re the masters already, aren’t they?

I’m always puzzled at people who think that it’s good to “degooglize” Internet, but it’s OK to use GMAFIA clouds.

Can you make an OAuth application for libreho.st in gitlab and send me the details, token, url etc privately :)?

Sure, what is your email address?

I assume the attached screenshot is the form that has to be completed?

What should I use for “Redirect URI” and would I be correct to assume I need to tick some (which ones) of these four boxes?

  • read_user
  • openid
  • profile
  • email

my username AT weho.st not written in full for spam reasons.

https://login.libreho.st/auth/realms/librehosters/broker/git.coop/endpoint

We got git.coop logins working!

Hi Pierreozoux,

I understand where you are coming from on this one but I do have to say we have values for a reason and we should not lower them because doing the wrong thing is always easier than doing the right thing and our values represent all of us in the syndicate.

I feel fundamentally it’s a fine line between Microsoft, GitHub and say allowing SSO from AWS or any closed platform and this would turn our values from libre and open to any big saas cloud provider or hip enterprise because hey why not everyone is using them.

Now I’m not trying to point fingers or persecute but what is the point of librehosting if we are going to start discussions with:

we have to remain the example of what we want to be and that is not always easy but we can’t advocate for freedom of information and then, in turn, break our own standards of which we want to see more of in the world.

now once again I mean not to offend nor to anger anyone I also do not complain about things unless I really feel strongly about them so I hope you can see reason in my thoughts and opinion (of course it goes without saying anything I say on here is my own opinion and in no way or form official or authoritative)

I can confirm that using git.coop to login to this Discourse server and also GitLab appears to be working :slight_smile:.

Then what to say about https://framagit.org/ and co.? They integrate. I don’t see this as a contradiction. The more ‘I only do Github’ people who walk in my front door, the better! I’ll be ready to speak against the world of Githubs. This is the point for me.

It isn’t a question of support. It’s about making it easier for contributors to get access to the platform. Even with the friendly SSO providers there is no way for a new person to tell that they won’t have to fill out a large form there too (unless you go and see but probably we lost them at the lab.libreho.st). Maybe not though but it’s more clicks, which is the point (from experience, we know this matters).

It’s hard to believe you’re arguing in good faith when you make such statements.

I wouldn’t take that quote without the following (same post). I assume it was just a part of writing off the cuff …