Bug 1351859
Summary: | Allow using aliases with RH SSO | ||
---|---|---|---|
Product: | [Community] Bugzilla | Reporter: | Jeff Fearn 🐞 <jfearn> |
Component: | User Accounts | Assignee: | Jeff Fearn 🐞 <jfearn> |
Status: | CLOSED NEXTRELEASE | QA Contact: | tools-bugs <tools-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 5.0 | CC: | cbredesen, huiwang, mtahir, nphilipp, qgong |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 5.0.3.rh34 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-11-20 04:12:19 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jeff Fearn 🐞
2016-07-01 04:58:56 UTC
I definitely support this, folks at RHT will likely defer using SAML until they can preserve their existing account history. Would be great to see. Note that it is possible to have your Bugzilla email address changed to your default email address, to maintain account history. Still not optimal of course. Great to know; not sure if devops wants this level of operational burden though :) (In reply to Chris Bredesen from comment #3) > Great to know; not sure if devops wants this level of operational burden > though :) hehe I could automate it mwahahahahah Unfortunately it appears that aliases are now being reallocated, this would mean that if someone with access to bugs that required elevated access left the company and someone else got the alias, that second user may then have inappropriate access to information. Therefore due to this security issue we will not be allowing users to map bugzilla accounts to aliases. People wanting to use SSO will therefore either have to have a second account configured or will need to email bugzilla-requests and request for their current account to have it's email changed to their LDAP user. Currently we don't have access to MX records, if we did we could change the email change restriction to allow users to change their email address to/from their LDAP email or a valid alias, which would remove the need to contact bz-req. Anyone wanting this should open a new bug and we will ask if we can have access to the MX records for this purpose. w00t A unique field is being added to the user, so we will be able to do this once that field is in place. *** Bug 1459083 has been marked as a duplicate of this bug. *** Works as advertised, however it seems that users can not update rhatPrimaryMail, so users wanting that updated will need to email service desk. This bug has been fixed and is now deployed on the beta site. https://beta-bugzilla.redhat.com/ |