Google Git
Sign in
gerrit / gerrit / 89030bc3d04281e7b21d7e1db7a91a844cda484c
commit89030bc3d04281e7b21d7e1db7a91a844cda484c[log] [tgz]
authorShawn O. Pearce <sop@google.com>Sat Apr 24 17:25:29 2010 -0700
committerShawn O. Pearce <sop@google.com>Sat Apr 24 18:15:26 2010 -0700
treeadd490f6d690ef2615a6b254fce656ec499f98f6
parent4ba0b8a7cb77594eeeab05bf8e1cdd42c16c260f [diff]
Use OpenID PAPE extension to force reauthentication

Site administrators relying on OpenID can now enable the PAPE
extension, requiring users to reauthenticate with their provider
before establishing a new session with the Gerrit server.

This resolves issue 521 by allowing a site administrator to
set auth.maxOpenIdSessionAge to 0.  In this configuration the
Google Accounts provider will always prompt for a password,
which gives the user a chance to sign-out of Google's account
system and sign-in as a different user before they return to
the Gerrit installation.

Bug: issue 521
Change-Id: I656d6fd31831a71edf15319b6d94503ac93f6f36
Signed-off-by: Shawn O. Pearce <sop@google.com>
2 files changed
tree: add490f6d690ef2615a6b254fce656ec499f98f6
  1. Documentation/
  2. gerrit-common/
  3. gerrit-gwtdebug/
  4. gerrit-gwtui/
  5. gerrit-httpd/
  6. gerrit-launcher/
  7. gerrit-main/
  8. gerrit-patch-commonsnet/
  9. gerrit-patch-jgit/
  10. gerrit-pgm/
  11. gerrit-prettify/
  12. gerrit-reviewdb/
  13. gerrit-server/
  14. gerrit-sshd/
  15. gerrit-util-cli/
  16. gerrit-util-ssl/
  17. gerrit-war/
  18. ReleaseNotes/
  19. tools/
  20. .gitignore
  21. COPYING
  22. INSTALL
  23. pom.xml
  24. SUBMITTING_PATCHES