diff --git a/.markdownlint.yml b/.markdownlint.yml
index 6be0b9fad29bb92d8bbcb32a6e58ea77fe738e5a..b77e7c488cde9e55fc213d46c102fcaf9d6a19fe 100644
--- a/.markdownlint.yml
+++ b/.markdownlint.yml
@@ -33,7 +33,6 @@ proper-names:
 "API",
 "Asana",
 "Auth0",
- "Authentiq",
 "Azure",
 "Bamboo",
 "Bitbucket",
diff --git a/Gemfile b/Gemfile
index 72569a35dc03829fab5fcb096390bfb51f9fd84c..f0079321d353da841f95e14574cf65a0605f98d0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -71,7 +71,6 @@ gem 'omniauth-oauth2-generic', '~> 0.2.2'
 gem 'omniauth-saml', '~> 2.0.0'
 gem 'omniauth-twitter', '~> 1.4'
 gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md
-gem 'omniauth-authentiq', '~> 0.3.3'
 gem 'omniauth_openid_connect', '~> 0.6.0'
 # Locked until Ruby 3.0 upgrade since upgrading will pull in an updated net-smtp gem.
 # See https://docs.gitlab.com/ee/development/emails.html#rationale.
diff --git a/Gemfile.checksum b/Gemfile.checksum
index 14be8b71f25ddbed8757da294890e9af60d1fc22..22a07689bffb5f9a5a626cb934bf3fa10437ebac 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -391,7 +391,6 @@ {"name":"omniauth-alicloud","version":"2.0.1","platform":"ruby","checksum":"b14c425bca02b4d0f73e710ceb62c0f1f8533e0c427c1c495d2b40f87b3f48d3"}, {"name":"omniauth-atlassian-oauth2","version":"0.2.0","platform":"ruby","checksum":"eb07574a188ab8a03376ce288bce86bc2dd4a1382ffa5781cb5e2b7bc15d76c9"}, {"name":"omniauth-auth0","version":"2.0.0","platform":"ruby","checksum":"823769be7883b45b2fa94367c2f6a17f7b3b1333986016089c016d45827da545"}, -{"name":"omniauth-authentiq","version":"0.3.3","platform":"ruby","checksum":"11b3791085a130782bf14b0088653beeb085638a9548d7110a57d3cbbb54fb4c"}, {"name":"omniauth-azure-activedirectory-v2","version":"2.0.0","platform":"ruby","checksum":"c484cedd52cd233e3c216c4b3ed667ec07d20e51c550a613b65a0f90fe8ad072"}, {"name":"omniauth-dingtalk-oauth2","version":"1.0.1","platform":"ruby","checksum":"6545670f1c38344eaf960df9750c550a9534f790f888af088761a9e04269139b"}, {"name":"omniauth-facebook","version":"4.0.0","platform":"ruby","checksum":"05ae3565c8fdb38df8dab04eb8ca854ea6c18e81591d3e6598ce101293a2f20f"},
diff --git a/Gemfile.lock b/Gemfile.lock
index be3cd068e5d37fad91a0ca50883eed33c77f9981..72a4eb028579d72ac957485a518aa5d6b55ae6e3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -997,9 +997,6 @@ GEM omniauth-oauth2 (>= 1.5) omniauth-auth0 (2.0.0) omniauth-oauth2 (~> 1.4) - omniauth-authentiq (0.3.3) - jwt (>= 1.5) - omniauth-oauth2 (>= 1.5) omniauth-azure-activedirectory-v2 (2.0.0) omniauth-oauth2 (~> 1.8) omniauth-dingtalk-oauth2 (1.0.1)
@@ -1771,7 +1768,6 @@ DEPENDENCIES omniauth-alicloud (~> 2.0.1) omniauth-atlassian-oauth2 (~> 0.2.0) omniauth-auth0 (~> 2.0.0) - omniauth-authentiq (~> 0.3.3) omniauth-azure-activedirectory-v2 (~> 2.0) omniauth-azure-oauth2 (~> 0.0.9)! omniauth-cas3 (~> 1.1.4)!
diff --git a/app/assets/images/auth_buttons/authentiq_64.png b/app/assets/images/auth_buttons/authentiq_64.png
deleted file mode 100644
index 81767bbcc54f114ec3d6436d3abf640f260dc169..0000000000000000000000000000000000000000
Binary files a/app/assets/images/auth_buttons/authentiq_64.png and /dev/null differ
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index 5bd3b74af1f541e1a2420d52fdf558281229a735..4046433f8eaa18994b76932e32afc7801879182d 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -61,14 +61,6 @@ def cas3 handle_omniauth end - def authentiq - if params['sid'] - handle_service_ticket oauth['provider'], params['sid'] - end - - handle_omniauth - end - - def auth0 if oauth['uid'].blank? fail_auth0_login
diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb
index f818088a4c6edc0f263ef2fec652d361e60f4a22..e2e89c9abcaa621c15ded5e911d7c482a77e9a18 100644
--- a/app/helpers/auth_helper.rb
+++ b/app/helpers/auth_helper.rb
@@ -5,7 +5,6 @@ module AuthHelper
 alicloud
 atlassian_oauth2
 auth0
- authentiq
 azure_activedirectory_v2
 azure_oauth2
 bitbucket
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 1b18f977e4f2594e3a9fdf1bdc9c5cdb48807f4d..5a9811c0e912d58feb747f7f8a58dca546509008 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -1072,16 +1072,6 @@ production: &base
 # login_url: '/cas/login',
 # service_validate_url: '/cas/p3/serviceValidate',
 # logout_url: '/cas/logout' } }
- # - { name: 'authentiq',
- # # for client credentials (client ID and secret), go to https://www.authentiq.com/developers
- # app_id: 'YOUR_CLIENT_ID',
- # app_secret: 'YOUR_CLIENT_SECRET',
- # args: {
- # scope: 'aq:name email~rs address aq:push'
- # # callback_url parameter is optional except when 'gitlab.host' in this file is set to 'localhost'
- # # callback_url: 'YOUR_CALLBACK_URL'
- # }
- # }
 # - { name: 'github',
 # app_id: 'YOUR_APP_ID',
 # app_secret: 'YOUR_APP_SECRET',
@@ -1628,10 +1618,6 @@ test:
 client_id: 'YOUR_AUTH0_CLIENT_ID',
 client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
 namespace: 'YOUR_AUTH0_DOMAIN' } }
- - { name: 'authentiq',
- app_id: 'YOUR_CLIENT_ID',
- app_secret: 'YOUR_CLIENT_SECRET',
- args: { scope: 'aq:name email~rs address aq:push' } }
 - { name: 'salesforce',
 app_id: 'YOUR_CLIENT_ID',
 app_secret: 'YOUR_CLIENT_SECRET'
diff --git a/doc/.vale/gitlab/spelling-exceptions.txt b/doc/.vale/gitlab/spelling-exceptions.txt
index 7d36887de39e9dab2cfff7db7da711993141f0ac..a2a23c03aa370b7d71bcbbb360ba341655271d6d 100644
--- a/doc/.vale/gitlab/spelling-exceptions.txt
+++ b/doc/.vale/gitlab/spelling-exceptions.txt
@@ -48,7 +48,6 @@ auditability
 auditable
 Auth0
 authenticator
-Authentiq
 Authy
 autocomplete
 autocompleted
diff --git a/doc/administration/auth/authentiq.md b/doc/administration/auth/authentiq.md
index 4eabdddfc635835803fc7f557fefda5aefe085b9..a32d2a2cf94ea0751105bbcadcec3ac375c6e5ec 100644
--- a/doc/administration/auth/authentiq.md
+++ b/doc/administration/auth/authentiq.md
@@ -1,102 +1,12 @@ --- -type: reference stage: Manage group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +remove_date: '2023-02-22' +redirect_to: '../../integration/omniauth.md' --- -# Authentiq OmniAuth Provider **(FREE SELF)** +# Authentiq OmniAuth Provider (removed) **(FREE SELF)** -To enable the Authentiq OmniAuth provider for passwordless authentication, you must register an application with Authentiq. - -Authentiq generates a Client ID and the accompanying Client Secret for you to use. - -1. Get your Client credentials (Client ID and Client Secret) at [Authentiq](https://www.authentiq.com/developers). - -1. On your GitLab server, open the configuration file: - - For omnibus installation - - ```shell - sudo editor /etc/gitlab/gitlab.rb - ``` - - For installations from source: - - ```shell - sudo -u git -H editor /home/git/gitlab/config/gitlab.yml - ``` - -1. Edit the [common configuration file settings](../../integration/omniauth.md#configure-common-settings) - to add `authentiq` as a single sign-on provider. This enables Just-In-Time - account provisioning for users who do not have an existing GitLab account. - -1. Add the provider configuration for Authentiq: - - For Omnibus packages: - - ```ruby - gitlab_rails['omniauth_providers'] = [ - { - name: "authentiq", - # label: "Provider name", # optional label for login button, defaults to "Authentiq" - app_id: "<your_client_id>", - app_secret: "<your_client_secret>", - args: { - "scope": 'aq:name email~rs address aq:push' - } - } - ] - ``` - - For installations from source: - - ```yaml - - { name: 'authentiq', - # label: 'Provider name', # optional label for login button, defaults to "Authentiq" - app_id: '<your_client_id>', - app_secret: '<your_client_secret>', - args: { - scope: 'aq:name email~rs address aq:push' - } - } - ``` - -1. 
The `scope` is set to request the: - - User's name. - - Required and signed email. - - Permission to send push notifications to sign in on subsequent visits. - - See [OmniAuth Authentiq strategy](https://github.com/AuthentiqID/omniauth-authentiq/wiki/Scopes,-callback-url-configuration-and-responses) for more information on scopes and modifiers. - -1. Change `<your_client_id>` and `<your_client_secret>` to the Client credentials you received from Authentiq. - -1. Save the configuration file. - -1. For the changes to take effect: - - [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) if you installed GitLab using Omnibus. - - [Restart GitLab](../restart_gitlab.md#installations-from-source) if you installed GitLab from source. - -On the sign in page there should now be an Authentiq icon below the regular sign in form. Select the -icon to begin the authentication process. If the user: - -- Has the Authentiq ID app installed in their iOS or Android device, they can: - 1. Scan the QR code. - 1. Decide what personal details to share. - 1. Sign in to your GitLab installation. -- Does not have the app installed, they are prompted to download the app and then follow the - previous procedure. - -If everything works, the user is returned to GitLab and is signed in. - -<!-- ## Troubleshooting - -Include any troubleshooting steps that you can foresee. If you know beforehand what issues -one might have when setting this up, or when something is changed, or on upgrading, it's -important to describe those, too. Think of things that may go wrong and include them here. -This is important to minimize requests for support, and to avoid doc comments with -questions that you know someone might ask. - -Each scenario can be a third-level heading, for example `### Getting error message X`. -If you have none to add when creating a doc, leave this section in place -but commented out to help encourage others to add to it in the future. 
--> +This feature was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/389452) in 15.9. +Use another [OmniAuth provider](../../integration/omniauth.md) instead.
diff --git a/doc/integration/index.md b/doc/integration/index.md
index d778d7c08563a21989fb1a31a1a31bdf44611572..195890ea4d8bc51f350170bc6c21fa7e2f610caf 100644
--- a/doc/integration/index.md
+++ b/doc/integration/index.md
@@ -29,7 +29,6 @@ You can integrate GitLab with the following authentication sources:
 - Enable sign-in with [LDAP](../administration/auth/ldap/index.md).
 - Enable creating [OAuth 2.0](oauth_provider.md) applications.
 - Use [OmniAuth](omniauth.md) to enable sign-in through:
- - Authentiq ID
 - Azure
 - Bitbucket
 - Crowd
diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md
index b25ba6a00e23adc1602b67957c0a0094afb0162c..61019915c52d3f36bf54bb40f96cbc345ecbe5e4 100644
--- a/doc/integration/omniauth.md
+++ b/doc/integration/omniauth.md
@@ -20,7 +20,6 @@ GitLab supports the following OmniAuth providers.
 | [AliCloud](alicloud.md) | `alicloud` |
 | [Atlassian](../administration/auth/atlassian.md) | `atlassian_oauth2` |
 | [Auth0](auth0.md) | `auth0` |
-| [Authentiq](../administration/auth/authentiq.md) | `authentiq` |
 | [AWS Cognito](../administration/auth/cognito.md) | `cognito` |
 | [Azure v2](azure.md) | `azure_activedirectory_v2` |
 | [Azure v1](azure.md) | `azure_oauth2` |
diff --git a/doc/topics/authentication/index.md b/doc/topics/authentication/index.md
index c50275923541c353b189e5247c0eab50a5d024f6..c1d0a69e1f4c181c1c6d7b8d57b04b218298a37a 100644
--- a/doc/topics/authentication/index.md
+++ b/doc/topics/authentication/index.md
@@ -29,7 +29,6 @@ This page gathers all the resources for the topic **Authentication** within GitL
 - [Debugging LDAP](https://about.gitlab.com/handbook/support/workflows/debugging_ldap.html)
 - **Integrations:**
 - [OmniAuth](../../integration/omniauth.md)
- - [Authentiq OmniAuth Provider](../../administration/auth/authentiq.md#authentiq-omniauth-provider)
 - [Atlassian Crowd OmniAuth Provider](../../administration/auth/crowd.md)
 - [CAS OmniAuth Provider](../../integration/cas.md)
 - [SAML OmniAuth Provider](../../integration/saml.md)
diff --git a/lib/gitlab/omniauth_initializer.rb b/lib/gitlab/omniauth_initializer.rb
index fb7ffa03d0e73073c06708faf45e794088eaa0ac..a03533dcd9af4184f36ef8bdafe87be4ea075492 100644
--- a/lib/gitlab/omniauth_initializer.rb
+++ b/lib/gitlab/omniauth_initializer.rb
@@ -23,8 +23,6 @@ def default_arguments_for(provider_name)
 case provider_name
 when 'cas3'
 { on_single_sign_out: cas3_signout_handler }
- when 'authentiq'
- { remote_sign_out_handler: authentiq_signout_handler }
 when 'shibboleth'
 { fail_with_empty_uid: true }
 when 'google_oauth2'
@@ -53,18 +51,6 @@ def cas3_signout_handler
 true
 end
 end
-
- def authentiq_signout_handler
- lambda do |request|
- authentiq_session = request.params['sid']
- if Gitlab::Auth::OAuth::Session.valid?(:authentiq, authentiq_session)
- Gitlab::Auth::OAuth::Session.destroy(:authentiq, authentiq_session)
- true
- else
- false
- end
- end
- end
 end
 
 private
diff --git a/spec/controllers/profiles/accounts_controller_spec.rb b/spec/controllers/profiles/accounts_controller_spec.rb
index 1b4b67eeaff6520be66731a8cbdba2ff0baf6f6d..ba349768b0f926381adf5644e5aeec46969ee704 100644
--- a/spec/controllers/profiles/accounts_controller_spec.rb
+++ b/spec/controllers/profiles/accounts_controller_spec.rb
@@ -31,7 +31,7 @@
 end
 end
 
- [:twitter, :facebook, :google_oauth2, :gitlab, :github, :bitbucket, :crowd, :auth0, :authentiq, :dingtalk, :alicloud].each do |provider|
+ [:twitter, :facebook, :google_oauth2, :gitlab, :github, :bitbucket, :crowd, :auth0, :dingtalk, :alicloud].each do |provider|
 describe "#{provider} provider" do
 let(:user) { create(:omniauth_user, provider: provider.to_s) }
 
diff --git a/spec/features/oauth_login_spec.rb b/spec/features/oauth_login_spec.rb
index 07d0fca0139763408fc6e8afbda934653f6179e7..bd96d65f984b9ecfa85b6b3c297d4dc0e6a49ef4 100644
--- a/spec/features/oauth_login_spec.rb
+++ b/spec/features/oauth_login_spec.rb
@@ -16,7 +16,7 @@ def stub_omniauth_config(provider)
 end
 
 providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
- :facebook, :cas3, :auth0, :authentiq, :salesforce, :dingtalk, :alicloud]
+ :facebook, :cas3, :auth0, :salesforce, :dingtalk, :alicloud]
 
 around do |example|
 with_omniauth_full_host { example.run }
diff --git a/spec/features/oauth_registration_spec.rb b/spec/features/oauth_registration_spec.rb
index 6e1445a9ed65fae3e64ba96826717d8111cedb15..3c1004e452fe47670f9eb706bed41801aa0eab1b 100644
--- a/spec/features/oauth_registration_spec.rb
+++ b/spec/features/oauth_registration_spec.rb
@@ -23,7 +23,6 @@
 :facebook | {}
 :cas3 | {}
 :auth0 | {}
- :authentiq | {}
 :salesforce | { extra: { email_verified: true } }
 :dingtalk | {}
 :alicloud | {}
diff --git a/spec/lib/gitlab/omniauth_initializer_spec.rb b/spec/lib/gitlab/omniauth_initializer_spec.rb
index a94191f310c21f06cf2733f9784d7f82b7432368..daef280dbaad60affd3dac423b40ecb0cf23c027 100644
--- a/spec/lib/gitlab/omniauth_initializer_spec.rb
+++ b/spec/lib/gitlab/omniauth_initializer_spec.rb
@@ -216,14 +216,6 @@ expect { subject.execute([hash_config]) }.to raise_error(NameError) end - it 'configures remote_sign_out_handler proc for authentiq' do - authentiq_config = { 'name' => 'authentiq', 'args' => {} } - - expect(devise_config).to receive(:omniauth).with(:authentiq, { remote_sign_out_handler: an_instance_of(Proc) }) - - subject.execute([authentiq_config]) - end - it 'configures on_single_sign_out proc for cas3' do cas3_config = { 'name' => 'cas3', 'args' => {} }