Pkgdb2 authenticates using OpenID. We need an FedOAuth instance running to auth against an FAS instance.
Thx for your report. Do we really need to use FedOAuth or can't we use the previous authentication method instead with either pkgdb2/bodhi ? One need to run pkgdb2 in a Virtual Machine an do testing, specially about how interactions goes with fas/bugzilla/others (probably to be found with ansible
The reason I created this bug was because I created a VM for implementing all of these services. Pkgdb2 only authenticates against an OpenID system. There is currently an issue with the FedOAuth setup and I'm waiting to hear back from the author.
After fixing the FedOAuth setup I've learned it is going away. We need to move to Ipsilon, which is being released tomorrow. http://patrick.uiterwijk.org/2014/11/14/fedoauth-ipsilon-merge-complete/
Ipsilon 1.0 will be released on early May (roadmap says May 8th) and fedoauth official support will stop ~2 months after that.
I would suggest to deploy Ipsilon for new instances, as FedOAuth will no longer get any new features (security and bug fixes will continue for at least two months after Ipsilon 1.0, any longer are non-public patches). Note that the current Ipsilon release (0.6.0) has a bug with the OpenID support and needs a small fix[1], but this has been merged upstream and will be fixed in any future releases. If any help is needed for Ipsilon setup or usage, please let me know. [1]: https://git.fedorahosted.org/cgit/ipsilon.git/commit/?id=ba45934659346510966ca6c58a01dbba3eca7d2f
Why is it not possible to use Fedora's ipsilon instance? The only potential problem I can see is that it requires everyone to have a FAS account as well.
Administrative ACLs are kept in RPMFusion's FAS instance. It is also permissible to be a RPMFusion packager but not a Fedora packager.
Ipsilon is available but it requires an updated fas to work with. We will either migrate FAS to fas2 or fas3 once the machine will be migrated to the new instance.