{"id":5159,"date":"2018-08-19T19:38:36","date_gmt":"2018-08-19T19:38:36","guid":{"rendered":"http:\/\/www.scmgalaxy.com\/tutorials\/?p=5159"},"modified":"2018-08-23T10:45:09","modified_gmt":"2018-08-23T10:45:09","slug":"authentication-types-in-gerrit-explained","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/authentication-types-in-gerrit-explained\/","title":{"rendered":"Authentication Types in Gerrit explained!"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-5251\" src=\"http:\/\/www.scmgalaxy.com\/tutorials\/wp-content\/uploads\/2018\/08\/gerrit1.png\" alt=\"\" width=\"600\" height=\"350\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2018\/08\/gerrit1.png 600w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2018\/08\/gerrit1-300x175.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>Authentication Types in Gerrit explained!<\/p>\n<p>Type of user authentication employed by Gerrit. The supported values are:<\/p>\n<p><strong>By default, OpenID<\/strong><\/p>\n<p><strong>OpenID<\/strong><br \/>\nThe default setting. Gerrit uses any valid OpenID provider chosen by the end-user. For more information see openid.net.<br \/>\n<strong>OpenID_SSO<\/strong><br \/>\nSupports OpenID from a single provider. There is no registration link, and the &#8220;Sign In&#8221; link sends the user directly to the provider\u2019s SSO entry point.<br \/>\n<strong>HTTP<\/strong><br \/>\nGerrit relies upon data presented in the HTTP request. This includes HTTP basic authentication, or some types of commercial single-sign-on solutions. 
With this setting enabled, the authentication must take place in the web server or servlet container, and not from within Gerrit.<br \/>\n<strong>HTTP_LDAP<\/strong><br \/>\nExactly like HTTP (above), but additionally Gerrit pre-populates a user\u2019s full name and email address based on information obtained from the user\u2019s account object in LDAP. The user\u2019s group membership is also pulled from LDAP, making any LDAP groups that a user is a member of available as groups in Gerrit.<br \/>\n<strong>CLIENT_SSL_CERT_LDAP<\/strong><br \/>\nThis authentication type is actually a kind of SSO. Gerrit will configure Jetty\u2019s SSL channel to request the client\u2019s SSL certificate. For this authentication to work, a Gerrit administrator has to import the root certificate of the trust chain used to issue the client\u2019s certificate into the &lt;review-site&gt;\/etc\/keystore. After the authentication is done Gerrit will obtain basic user registration (name and email) from LDAP, and some group memberships. Hence the &#8220;_LDAP&#8221; suffix in the name of this authentication type. This authentication type can only be used under hosted daemon mode, and the httpd.listenUrl must use https:\/\/ as the protocol. Optionally, a certificate revocation list file can be used at &lt;review-site&gt;\/etc\/crl.pem. For details, see httpd.sslCrl.<br \/>\n<strong>LDAP<\/strong><br \/>\nGerrit prompts the user to enter a username and a password, which it then verifies by performing a simple bind against the configured ldap.server. In this configuration the web server is not involved in the user authentication process.<br \/>\nThe actual username used in the LDAP simple bind request is the account\u2019s full DN, which is discovered by first querying the directory using either an anonymous request, or the configured ldap.username identity. 
Gerrit can also use Kerberos if ldap.authentication is set to GSSAPI.<br \/>\n<strong>LDAP_BIND<\/strong><br \/>\nGerrit prompts the user to enter a username and a password, which it then verifies by performing a simple bind against the configured ldap.server. In this configuration the web server is not involved in the user authentication process.<br \/>\nUnlike LDAP above, the username used to perform the LDAP simple bind request is the exact string supplied in the dialog by the user. The configured ldap.username identity is not used to obtain account information.<br \/>\n<strong>OAUTH<\/strong><br \/>\nOAuth is a protocol that lets external apps request authorization to private details in a user\u2019s account without getting their password. This is preferred over Basic Authentication because tokens can be limited to specific types of data, and can be revoked by users at any time.<br \/>\nSite owners have to register their application before getting started. Note that provider-specific plugins must be used with this authentication scheme.<br \/>\n<strong>DEVELOPMENT_BECOME_ANY_ACCOUNT<\/strong><br \/>\nDO NOT USE. Only for use in a development environment.<br \/>\nWhen this is the configured authentication method, a hyperlink titled Become appears in the top right corner of the page, taking the user to a form where they can enter the username of any existing user account and immediately log in as that account, without any authentication taking place. This form of authentication is only useful for the GWT hosted mode shell, where OpenID authentication redirects might be risky to the developer\u2019s host computer, and HTTP authentication is not possible.<\/p>\n<p><strong>Reference<\/strong><br \/>\nhttps:\/\/dev.vaadin.com\/review\/Documentation\/config-gerrit.html#auth<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authentication Types in Gerrit explained! Type of user authentication employed by Gerrit. 
The supported values are: By default, OpenID OpenID The default setting. Gerrit uses any valid OpenID provider chosen by the end-user. For more information see openid.net. OpenID_SSO Supports OpenID from a single provider. There is no registration link, and the &#8220;Sign In&#8221; link&#8230;<\/p>\n","protected":false},"author":1,"featured_media":5251,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","_joinchat":[],"footnotes":""},"categories":[4994],"tags":[4665,4998,5001,945,4997,376,4999,5000,4995,4996],"class_list":["post-5159","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-gerrit","tag-authentication","tag-client_ssl_cert_ldap","tag-development_become_any_account","tag-gerrit","tag-http_ldap","tag-ldap","tag-ldap_bind","tag-oauth","tag-openid","tag-openid_sso"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/5159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=5159"}],"version-history":[{"count":3,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/5159\/revisions"}],"predecessor-version":[{"id":5253,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/5159\/revisions\/5253"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dev
opsschool.com\/blog\/wp-json\/wp\/v2\/media\/5251"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=5159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=5159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=5159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}