@epriestley Would you guys be open for a patch for this? How would you like to see this implemented in order to be acceptable for you guys?

In T8552#233072, @mejaz wrote:

Why is Phriction being kept on such a low priority? This task has been since 2014 if we take into account this: T5254: Allow top-level wiki doc to display entire document hierarchy instead of only 2 levels

The above did not work for me. The following did:

@epriestley I'm not saying you didn't do a serious technical evaluation of SAML. I can't see where I might have even vaguely implied that? For all I know you could be an expert on SAML. I've done multiple SAML implementations and frankly I can't blame you for not wanting to do / maintain one.

@epriestley I can see how that last sentence could be perceived as such. I probably should have put a smiley there since it wasn't intended as harsh as you (seem to) perceive it.

@epriestley I'm hoping you'll see you shouldn't pass judgement that fast.

@epriestley Onelogin does way more then just SAML. They also do OAuth for example. The screenshot also says to regenerate your Oauth keys. I assume your going to remove all OAuth stuff from Phabricator now?

Piece of info (you guys might already be aware of it) which might be of interest when implementing this; SHA512 is often faster then SHA256 on x64. See for example: https://crypto.stackexchange.com/questions/26336/sha512-faster-than-sha256

I always thought the Hashicorp projects seemed to cope nicely with a lot of patches and contributors. Projects like Packer and Terraform each process boat load of pull requests.

@avivey Is there a chance to get this change landed? It seems to be unobtrusive and is needed to have the Java lint'ers in D14632 live outside of upstream as an extension. I can imagine there might be some other lint implementations which require this functionality as well. Let me know if you need any changes, I'm more then willing to make them.

I would be willing to chime in for T5055 however I doubt anyone will want to foot the entire bill for such a large architectural change. I also think that upstream is the one that would benefit the most from it since it enables people to contribute more easy. I mean we both clearly want to contribute by extending phabricator (you even made the contribution already) but are unable.

@cspeckmim So basically T5055 needs to be done before any linter can be added in a maintainable way? There is no recent activity in T5055 and since it is an architectural change it is really hard for the community to do since it would always require closely working with upstream and apparently they have other priorities. I guess there is not much else to do then to off-load the linting to the CI build engine then.

@avivey @cspeckmim Sorry to intrude, but I'm also interested in this functionality. I've read the comments but what needs to be done to move this forward? I assume getting D15067 landed? And I think the unit tests for this change need to be fixed?

Sorry, meant OAuth support instead of OpenID. The gist of it was delegate authentication to a dedicated system. Be it via OpenID, OAuth, SAML, etc.

My 2 cents; I wouldn't spent too much time on implementing various authentication schemes for Phabricator like Yubikey, U2F, password with SMS or whatever flavour of authentication comes out tomorrow. Since Phabricator supports OpenID such authentication schemes can easily be delegated to IAM solutions like GLUU, OpenAM, KeyCloak, etc.