We now remove everyone from the whitelist for now.

They will be re-enabled as we check the for vulnerability level to the covert redirect bug.
2014-05-02 22:41:49 +00:00 · 2014-05-02 22:41:49 +00:00 · 8b2961af2b
commit 8b2961af2b
parent d9b9af1ed5
1 changed files with 13 additions and 11 deletions
--- a/roles/fedoauth/templates/fedoauth.cfg
+++ b/roles/fedoauth/templates/fedoauth.cfg
@ -49,17 +49,19 @@ PERSONA_PRIVATE_KEY_PASSPHRASE = '{{ fedoauth_persona_key_passphrase }}'
 # OPENID CONFIGURATION
 # This is the OpenID url provided to users. Add %(username)s where the username should be entered
 # A list of trust roots for which the user will not need to confirm again
-OPENID_TRUSTED_ROOTS = ['http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin',
-                        'https://ask.fedoraproject.org/',
-                        'https://fedorahosted.org/',
-                        'https://badges.fedoraproject.org',
-                        'https://apps.fedoraproject.org/tagger/',
-                        'https://apps.fedoraproject.org/nuancier/',
-                        'https://apps.fedoraproject.org/datagrepper/',
-                        'https://apps.fedoraproject.org/calendar/',
-                        'http://apps.fedoraproject.org/notifications/',
-                        'http://copr.fedoraproject.org/',
-                        'http://copr-fe.cloud.fedoraproject.org/']
+OPENID_TRUSTED_ROOTS = []
+# Currently all kicked out due to them being on the list for the covert check
+#			'http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin',
+#                        'https://ask.fedoraproject.org/',
+#                        'https://fedorahosted.org/',
+#                        'https://badges.fedoraproject.org',
+#                        'https://apps.fedoraproject.org/tagger/',
+#                        'https://apps.fedoraproject.org/nuancier/',
+#                        'https://apps.fedoraproject.org/datagrepper/',
+#                        'https://apps.fedoraproject.org/calendar/',
+#                        'http://apps.fedoraproject.org/notifications/',
+#                        'http://copr.fedoraproject.org/',
+#                        'http://copr-fe.cloud.fedoraproject.org/']
 OPENID_NON_TRUSTED_ROOTS = []
 ### The maximum time after which the user must re-authenticate for OpenID in minutes (use 0 for no limit)
 OPENID_MAX_AUTH_TIME = 120