Git command not fully support OpenID credentials #4091

Closed
opened 2025-11-02 05:37:24 -06:00 by GiteaMirror · 5 comments

Originally created by @kstan79 on GitHub (Oct 10, 2019).

  • Gitea version (or commit ref): 1.9.3
  • Git version: 2.7.4
  • Operating system: Ubuntu Linux
  • Database (use [x]):
    • [ ] PostgreSQL
    • [x] MySQL
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [x] Yes (provide example URL)
    • [ ] No
    • [ ] Not relevant
  • Log gist:

Description

I was authenticating users via an LDAP account and that works fine. Both the web console and git clone/pull/push use an identical user/password.

I've set up my own OpenID server (Keycloak) and let Gitea bind to it. In the web console we can log in through Keycloak and get into Gitea, but the git command doesn't recognise the same password from Keycloak. I need to define another local password in order to commit code into the repository.

I feel that this design is not scalable and defeats the purpose of using OpenID. Is it possible to have any of the solutions below?

  1. git commands (push/pull/clone, etc.) use the OpenID password instead of the Gitea local password (I think it is hard because sometimes OpenID implements 2-factor authentication, which adds complexity)
  2. Separate the LDAP and OpenID definitions. This means we define that 'User X' can log in using OpenID, but the authentication source is LDAP. The result will be that in the web console we can log in through either the OpenID or the LDAP password. In the 'git command' we will authenticate using the LDAP account password. As administrator, I can bind Keycloak and Gitea users into the same LDAP DB afterwards.
GiteaMirror added the type/question label 2025-11-02 05:37:24 -06:00

@zeripath commented on GitHub (Oct 10, 2019):

When passing in the password for git you can pass in either an application token, an oauth token or your password.
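
Added example (not part of the thread and not Gitea project code): handing git an access token as the HTTPS password through the credential helper, plus a check for remotes that carry the secret inline. The host `gitea.example.com`, the user `alice`, the token value and all function names are constructed, and the token is assumed to exist already for the account.

```shell
#!/usr/bin/env bash
# Added example: give git a Gitea access token via the credential helper.
# Host, user, token and function names are constructed for illustration.

# Run `git credential` with only a file-backed "store" helper; the empty
# credential.helper value resets helpers configured elsewhere (git 2.9+).
git_cred() {            # usage: git_cred <store-file> <approve|fill>
  GIT_TERMINAL_PROMPT=0 git -c credential.helper= \
    -c "credential.helper=store --file=$1" credential "$2"
}

# Save the token as the HTTPS password for <user> on <host>. The token is
# read from stdin, so it never shows up in argv, a remote URL or history.
# Note: "store" keeps it in plaintext on disk; an OS keyring helper is the
# better choice on a workstation.
store_token() {         # usage: store_token <store-file> <host> <user> < token
  local store="$1" host="$2" user="$3" token
  IFS= read -r token || [ -n "$token" ] || return 1
  ( umask 077; : >> "$store" )        # make sure the file is owner-only
  printf 'protocol=https\nhost=%s\nusername=%s\npassword=%s\n\n' \
    "$host" "$user" "$token" | git_cred "$store" approve
}

# Print the password git would send to <host>; empty when nothing is stored.
lookup_token() {        # usage: lookup_token <store-file> <host>
  printf 'protocol=https\nhost=%s\n\n' "$2" | git_cred "$1" fill 2>/dev/null \
    | sed -n 's/^password=//p'
}

# Succeed when a remote URL embeds user:secret@ in its authority part, which
# leaves the secret readable in .git/config and in process listings.
url_has_inline_secret() {
  local rest="${1#*://}" authority userinfo
  [ "$rest" != "$1" ] || return 1     # no scheme, e.g. scp-style SSH remote
  authority="${rest%%/*}"
  case $authority in *@*) ;; *) return 1 ;; esac
  userinfo="${authority%@*}"
  case $userinfo in *:*) return 0 ;; *) return 1 ;; esac
}
```
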


@techknowlogick commented on GitHub (Oct 10, 2019):

Gitea doesn't have access to the OpenID password because the password is never provided to it. When you enter the password for Keycloak, you enter it into that system directly, and Keycloak just lets us know if the authentication was successful. Whereas with LDAP, Gitea itself talks to the LDAP server (the most frequent LDAP server used with Gitea is Active Directory, and also FreeIPA).

Like @zeripath has said though, there are many options you can use other than password (personally I recommend using SSH pub/priv keys for added security).


@lunny commented on GitHub (Oct 11, 2019):

So maybe desktop SSO support may resolve the problem. It needs git to support that.


@guillep2k commented on GitHub (Oct 11, 2019):

@kstan79 As a git + OpenID solution is not currently possible, you may want to close this issue and open another one requesting option 2 specifically, as this issue is more or less an open question.


@kstan79 commented on GitHub (Oct 11, 2019):

ok tq. i will reopen issue 2


Reference: github-starred/gitea#4091