Bug 1772398

Summary: Could not specify organization/location for users that come from keycloak
Product: Red Hat Satellite
Reporter: Nikhil Kathole <nkathole>
Component: Authentication
Assignee: Rahul Bajaj <rabajaj>
Status: CLOSED ERRATA
QA Contact: Nikhil Kathole <nkathole>
Severity: high
Priority: unspecified
Version: 6.7.0
CC: mhulan, pcreech, rabajaj
Target Milestone: 6.7.0
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Fixed In Version: foreman-1.24.1-1, tfm-rubygem-hammer_cli_foreman-0.19.4-1
Doc Type: If docs needed, set a value
Last Closed: 2020-04-14 13:27:10 UTC
Type: Bug

Description Nikhil Kathole 2019-11-14 10:37:34 UTC
Description of problem:

There is no way to specify for which org/loc user will be created in foreman.


Version-Release number of selected component (if applicable):
Satellite 6.7 snap 1


How reproducible:
always

Steps to Reproduce:
1. Configure keycloak with satellite
2. Create role in foreman with activation key view/delete/update/create permissions
3. Create usergroup in keycloak
4. Create usergroup with external usergroup as per keycloak and assign role created.
5. Login with user and visit activation key page.

Result:

Error 403 as user won't have org/loc assigned.

Expected :
Find a way to assign a default org/location to users that come from keycloak.

Additional info :
Upstream bug raised https://projects.theforeman.org/issues/26312 but corresponding PR doesn't resolve this issue.

Comment 3 Rahul Bajaj 2019-12-12 15:33:45 UTC
Hello,

Active discussion is being done on this topic and one can have access to the topic discussion here: https://github.com/theforeman/foreman/pull/7219
This is not a huge difficulty and has workarounds associated with it. I will in detail list the workarounds in a few days, once we have a conclusion for the current discussions.

Thanks,

Comment 4 Rahul Bajaj 2020-01-02 07:30:02 UTC
Hello,

This issue has been resolved here: https://github.com/theforeman/foreman/pull/7264
A complementing hammer command has also been merged here: https://github.com/theforeman/hammer-cli-foreman/commit/ebcd16b9d5038b1d6e8e658038b4f8c7958332b2

Moving this BZ to modified state.

Thanks,

Comment 5 Nikhil Kathole 2020-01-17 06:29:50 UTC
VERIFIED

Version tested:

Satellite 6.7 snap 8

This bugzilla provides a way of assigning org/loc to External auth-source from CLI, but still functionality from UI is missing. There is no way of doing it via UI. Raised issue https://bugzilla.redhat.com/show_bug.cgi?id=1792131 for UI implementation and verifying this.

[root@sgi-uv20-01 ~]# hammer auth-source external list
---|---------
ID | NAME    
---|---------
3  | External
---|---------
[root@sgi-uv20-01 ~]# hammer auth-source external update -h
Usage:
    hammer auth-source external update [OPTIONS]

Options:
 --id ID                                    
 --location LOCATION_NAME                  Location name
 --location-id LOCATION_ID                  
 --location-ids LOCATION_IDS               REPLACE locations with given ids
                                           Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --location-title LOCATION_TITLE           Location title
 --location-titles LOCATION_TITLES         Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --locations LOCATION_NAMES                Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --name NAME                               Name to search by
 --new-name NEW_NAME                        
 --organization ORGANIZATION_NAME          Organization name
 --organization-id ORGANIZATION_ID         Organization ID
 --organization-ids ORGANIZATION_IDS       REPLACE organizations with given ids.
                                           Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --organization-title ORGANIZATION_TITLE   Organization title
 --organization-titles ORGANIZATION_TITLES Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --organizations ORGANIZATION_NAMES        Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 -h, --help                                Print help


[root@sgi-uv20-01 ~]# hammer auth-source external update --id 3 --organization-ids 1,3 --location-ids 2,4
Successfully updated the External external auth source.
[root@sgi-uv20-01 ~]# hammer auth-source external info --id 3
Id:            3
Name:          External
Locations:     
    Default Location
    xyz
Organizations: 
    abc
    Default Organization
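
A check an administrator could run after the `hammer auth-source external update` step shown above, as an added example that is not part of the original bug report: it parses `hammer auth-source external info` output and fails when either the Locations or the Organizations list is empty. The function names and the empty-sections sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): audit the org/loc assignment of an
# external auth source from `hammer auth-source external info` output.
# Live use: hammer auth-source external info --id 3 | audit_auth_source

# count_entries SECTION: read info output on stdin and print how many indented
# entries are listed under the "SECTION:" heading.
count_entries() {
    awk -v section="$1:" '
        /^[^ \t]/ { in_section = ($1 == section); next }  # top-level "Key:" line
        in_section && NF { n++ }                          # indented, non-blank entry
        END { print n + 0 }
    '
}

# audit_auth_source: return 0 only if at least one organization and one
# location are assigned; otherwise report the counts and return 1.
audit_auth_source() {
    info=$(cat)
    locs=$(printf '%s\n' "$info" | count_entries Locations)
    orgs=$(printf '%s\n' "$info" | count_entries Organizations)
    if [ "$locs" -gt 0 ] && [ "$orgs" -gt 0 ]; then
        echo "OK: $orgs organization(s), $locs location(s)"
        return 0
    fi
    echo "MISSING: $orgs organization(s), $locs location(s) assigned"
    return 1
}

# Sample copied from the verification output in the comment above.
sample_assigned() {
    cat <<'EOF'
Id:            3
Name:          External
Locations:
    Default Location
    xyz
Organizations:
    abc
    Default Organization
EOF
}

# Constructed sample (assumed shape): the same source with nothing assigned.
sample_unassigned() {
    printf 'Id:            3\nName:          External\nLocations:\nOrganizations:\n'
}
```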

Comment 9 errata-xmlrpc 2020-04-14 13:27:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454