davido / gerrit-oauth-provider

OAuth2 authentication provider for Gerrit Code Review. Please upload changes for review to: https://gerrit-review.googlesource.com/#/admin/projects/plugins/oauth
Apache License 2.0

Migrate gmail to office365 accounts #154

Open rajaassaf1985 opened 3 years ago

rajaassaf1985 commented 3 years ago

We have migrated our company mail service from G Suite to Office 365. Trying to set up OAuth on the Gerrit server to use Office 365 instead of Gmail. The application was set up correctly on Azure AD, but on login I get a forbidden and errors in the Gerrit logs show the following:

[HTTP GET /oauth?code=0.AAAAMUIzFUahjUmUIGQWiyj1MNFMNhIBAVFBj1yQ4Uo8tMlzAAI.AQABAAIAAAD--DLA3VO7QrddgJg7Wevr7t42FBVmyCcdm ] WARN com.google.gerrit.server.account.AccountManager : Email blabla@blabla.com is already assigned to account 1000004; cannot create external ID office365-oauth: with the same email for account 1000030.
[HTTP GET /oauth?code=0.AAAAMUIzFUahjUmUIGQWiyj1MNFMNhIBAVFBj1yQ4Uo8tMlzAAI.AQABAAIAAAD--DLA3VO7QrddgJg7Wevr7t42FBVmyCcdm ] ERROR com.google.gerrit.httpd.auth.oauth.OAuthSession : Unable to authenticate user "com.google.gerrit.extensions.auth.oauth.OAuthUserInfo@2fee9bb3"
com.google.gerrit.server.account.AccountException: Email 'blabla@blabla.com' in use by another account

Is there a way to link the previous account numbers to the current ones? The email addresses haven't changed.

Thank you.

davido commented 3 years ago

> cannot create external ID office365-oauth: with the same email for account 1000030.

You cannot re-use emails for different OAuth providers. I guess you need to change the backend data, from one provider to another. What gerrit version are you using? Depending on gerrit version, you would need to tweak ReviewDb (database) or NoteDb (git).
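
The conflict reported in the log excerpt above can be summarised per e-mail address before any backend data is touched, and the OAuth `code` parameter that Gerrit logs with the request URL can be masked before a log is shared. The following is an added example, not part of the original thread or of the plugin; the sample lines are constructed in the shape of the excerpt, and the message format is assumed to match it.

```python
import re

# Constructed sample lines; codes, addresses and account numbers are made up.
SAMPLE_LOG = """\
[HTTP GET /oauth?code=0.CONSTRUCTED-CODE-1 ] WARN com.google.gerrit.server.account.AccountManager : Email alice@example.com is already assigned to account 1000004; cannot create external ID office365-oauth: with the same email for account 1000030.
[HTTP GET /oauth?code=0.CONSTRUCTED-CODE-1 ] ERROR com.google.gerrit.httpd.auth.oauth.OAuthSession : Unable to authenticate user "com.google.gerrit.extensions.auth.oauth.OAuthUserInfo@2fee9bb3"
[HTTP GET /oauth?code=0.CONSTRUCTED-CODE-2 ] WARN com.google.gerrit.server.account.AccountManager : Email bob@example.com is already assigned to account 1000007; cannot create external ID office365-oauth: with the same email for account 1000031.
[HTTP GET /oauth?code=0.CONSTRUCTED-CODE-3 ] WARN com.google.gerrit.server.account.AccountManager : Email alice@example.com is already assigned to account 1000004; cannot create external ID office365-oauth: with the same email for account 1000032.
"""

# Value of the "code" query parameter, up to whitespace, "&" or the closing "]".
CODE_PARAM = re.compile(r"([?&]code=)[^\s&\]]+")

# Shape of the AccountManager warning (assumed from the excerpt in the issue).
CONFLICT = re.compile(
    r"Email (?P<email>\S+) is already assigned to account (?P<existing>\d+); "
    r"cannot create external ID (?P<scheme>[^:\s]+):(?P<ext_id>\S*) "
    r"with the same email for account (?P<attempted>\d+)"
)


def redact(text):
    """Mask the OAuth authorization code carried in the logged request URL."""
    return CODE_PARAM.sub(r"\1<redacted>", text)


def find_conflicts(log_text):
    """Map each colliding e-mail to its owning account and the rejected attempts."""
    conflicts = {}
    for line in log_text.splitlines():
        m = CONFLICT.search(line)
        if not m:
            continue
        entry = conflicts.setdefault(
            m["email"],
            {"existing": int(m["existing"]), "scheme": m["scheme"], "attempted": []},
        )
        attempted = int(m["attempted"])
        if attempted not in entry["attempted"]:
            entry["attempted"].append(attempted)
    return conflicts


if __name__ == "__main__":
    for email, info in find_conflicts(SAMPLE_LOG).items():
        print(f"{email}: owned by account {info['existing']}, "
              f"{info['scheme']} login rejected for {info['attempted']}")
    print(redact(SAMPLE_LOG.splitlines()[0]))
```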

rajaassaf1985 commented 3 years ago

We're using gerrit version 3.2.3.

davido commented 3 years ago

> We're using gerrit version 3.2.3.

Consider upgrading to 3.2.7 ASAP, see: [1]. Older releases have security issues.

[1] https://groups.google.com/g/repo-discuss/c/FOrISyYEtBc/m/5Hg0pzLEAgAJ

rajaassaf1985 commented 3 years ago

Upgraded to 3.2.7. Thanks for the heads up. Now regarding the switch to Office 365 with the same email addresses: do you know of any Gerrit documentation to tweak the DB in a way that will map the old Google user logins to the Microsoft ones?

davido commented 3 years ago

> Do you know of any gerrit documentation to tweak the DB in a way that will map the old google user login to the microsoft ones?

See this thread: [1], which also references [2].

[1] https://groups.google.com/g/repo-discuss/c/4mbykY3oS1o/m/BsJ0_NFbAQAJ
[2] https://groups.google.com/g/repo-discuss/c/tZ1tYQwbeLY/m/xSZhIQ20EQAJ