Bug 1404906
| Summary: | Users authenticated via external sources (except LDAP) contain no default context/location | | |
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Alexey Masolov <amasolov> |
| Component: | Users & Roles | Assignee: | satellite6-bugs <satellite6-bugs> |
| Status: | CLOSED WONTFIX | QA Contact: | Katello QA List <katello-qa-list> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.2.5 | CC: | amasolov, bkearney, dhawke, dhlavacd, dlobatog, itewksbu, jcallaha, kborup, mhulan, mikko.bt, mjahangi, rjerrido, tbrisker, vanhoof |
| Target Milestone: | Unspecified | Keywords: | FieldEngineering, Triaged |
| Target Release: | Unused | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2018-09-04 18:04:14 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Alexey Masolov
2016-12-15 03:47:26 UTC
Hello Alexey. How would you recommend this to be handled? When a user sets up external authentication like this, we have no notion of where the user is stored. We only get information that the user was authenticated externally and what are his/her user groups. We could potentially enable admin to configure orgs and locs on the external auth source, which is currently only available for LDAP auth sources, but that means only a single set of orgs and locs would be assigned to the user. This is because all users are assigned to a single external auth source which represents any external service. Would that address your use case?

I think that in the next Z-stream this feature will be available by having taxonomies on LDAP; several LDAP auth sources can be created and linked to different taxonomies (depending on the base DN for example) to address this issue. I'll look for the original issue and mark this as a duplicate.

Daniel, I don't think you're right. In this case they use an external auth source, not an LDAP auth source. This is why I asked for support for external auth sources in the original PR https://github.com/theforeman/foreman/pull/3864#discussion_r79814713 but since there is no way to update an external auth source by user, we didn't include it. So this is not a duplicate, I think.

Hi Marek, I believe that any external auth sources (including LDAP) should be visible in WebUI and be in one place. So, I would say the best solution is to configure taxonomies for external IdM/AD in the same way as it is implemented for LDAP. I totally understand that there are some limitations, like all users being assigned to a single external source. Would it be appropriate to rename "LDAP Authentication" to "External Authentication" in WebUI and manage all sources from there?

Yeah - sounds like 6.3.0 work based on Alexey's comment and because this is a feature.
I think that's a decent enough way to do it, having just one 'external authentication' source which allows users that log in through 'external' to be mapped to at least some org/loc. I would suggest setting a REMOTE_USER_ORG / REMOTE_USER_LOC variable too that we could take into account upon login.

*** Bug 1358544 has been marked as a duplicate of this bug. ***

*** Bug 1422306 has been marked as a duplicate of this bug. ***

Created redmine issue http://projects.theforeman.org/issues/21292 from this bug

Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.