Can't login to gerrit server configured to use sso authentication.

[maguisky-g]

Attempting to login in the gerrit plugin for pycharm, I've tried to provide the credentials (server url, user id, and password), the test connection fails.
I've tried all possible user id and password combinations I could think of (including those in the contents of the ".gitcookies" generated by the gerrit server).
I have no problem connecting to the server's web-GUI using SSO.

Please advise.
Thanks

The error content is basically the sso login dialog box that the server redirects to.

Can't login to https://xxxxxxxxxxx.xxxxx-review.git.corp.xxxxxxx.com: com.google.gerrit.extensions.restapi.RestApiException: Expected JSON but got 'text/html; charset=utf-8'. Content:
 
h1 {
display: inherit;
font-size: inherit;
margin-block-start: inherit;
margin-block-end: inherit;
margin-inline-start: inherit;
margin-inline-end: inherit;
font-weight: inherit;
}

Single Sign On

Use your SSO username and password

(* fields are required)
 Username*: 
 
@
xxxxxx.com
[+]
   
 Role: 

 What's this?
 Password*: 

 Security Code*: 

Security Key help
Password help

You've successfully signed in and will be redirected in 10 seconds

You didn't use a Titan Security Key as required

Visit go/fedramp-compliance to learn why you need to use a Titan Key

[maguisky-g]

I think you should provide the option to use the .gitcookies in the user's home directory and read them in the http client configuration.
In case you use Apaches HTTP-Components, you can also use its integrated Cookie Store to automatically add Cookies to new Requests.

A good example as how to basically use Apaches HTTP-Client can be found here

The part of how to use Cookies can be found in section 5

And here

[uwolfer]

I wonder if this way could help in you case?
https://github.com/uwolfer/gerrit-intellij-plugin?tab=readme-ov-file#authenticate-against--reviewgooglesourcecom

[maguisky-g]

I've tried that, and it does not work.
I still get the SSO error.
That is why I created the ticket.

[maguisky-g]

Also note that in my case, the server may require to prompt the user to touch the security key:

You've successfully signed in and will be redirected in 10 seconds


You didn't use a Titan Security Key as required

But instead of prompting for use of security key, it just fails

[uwolfer]

Thanks for your feedback. This case seems to be tricky. I do not think an interactive login would be easy to implement in the plugin. Setting up HTTP credentials in Gerrit does not work in your case because there is a proxy in front which does the login handling, right?

[maguisky-g]

I don't know if you have to do interactive login every time, the server would ask to touch the biometric device at least once a day, and every time I connect through SSH,, so perhaps, it is only a matter of popping up the dialog when the server requests it.

Or allow the client to use .gitcookies to authenticate