Bug 1262229 - login with token, the Identity cannot be created when the identity of user was deleted
Product: OpenShift Origin
Classification: Red Hat
Component: Auth
Severity: medium
Assigned To: Jordan Liggitt
weiwei jiang
Reported: 2015-09-11 04:28 EDT by Wang Haoran
Modified: 2016-10-30 18:54 EDT
Doc Type: Bug Fix
Last Closed: 2015-09-11 08:38:56 EDT
Type: Bug
Description Wang Haoran 2015-09-11 04:28:42 EDT
Description of problem:

When the cluster admin deletes the user identity, if the user logs in with a token, the identity cannot be created.

Version-Release number of selected component (if applicable):
oc v1.0.5-344-gd9fb965
openshift v1.0.5-344-gd9fb965
kubernetes v1.1.0-alpha.0-1605-g44c91b1

How reproducible:

Steps to Reproduce:
1. Log in with user1 (first-time login)

2. Delete the reference identity for the user as cluster admin

   oc delete identity <provider type>:<username>

3. Log in with user1 again with a token

   oc login https://<master>:8443 --token=xxxxxxx

4. Check the reference identity and useridentitymapping for user1

   oc get identity <provider type>:<username>

   oc get useridentitymapping <provider type>:<username>

Actual results:
After step 4, cannot get the identity and the mapping

Expected results:
After login, should get the identity and the mapping

Additional info:
Comment 1 Jordan Liggitt 2015-09-11 08:38:56 EDT
This is working as designed. The identity is only provisioned when logging in with the identity provider (username and password, for example). `oc login --token` does not follow the IdP->Identity->User path, it just authenticates using the token.
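
The two login paths from Comment 1, replayed against the reproduction steps in a simplified in-memory model. This is an added example, not OpenShift source code: the `Cluster` type, its methods, the `htpasswd` provider name and the token format are all assumptions made for illustration.

```go
// Simplified model of the two login paths (constructed; not OpenShift code).
package main

import (
	"errors"
	"fmt"
)

// Cluster holds the objects named in the bug report (hypothetical type).
type Cluster struct {
	Identities map[string]string // "<provider type>:<username>" -> user
	Tokens     map[string]string // access token -> user
}

func NewCluster() *Cluster {
	return &Cluster{Identities: map[string]string{}, Tokens: map[string]string{}}
}

// LoginWithIdP follows IdP -> Identity -> User: it provisions the identity
// and its mapping to the user, then issues a token.
func (c *Cluster) LoginWithIdP(provider, username string) string {
	c.Identities[provider+":"+username] = username
	tok := fmt.Sprintf("token-%d", len(c.Tokens)+1)
	c.Tokens[tok] = username
	return tok
}

// LoginWithToken only validates the token; it never touches Identities.
func (c *Cluster) LoginWithToken(tok string) (string, error) {
	user, ok := c.Tokens[tok]
	if !ok {
		return "", errors.New("invalid token")
	}
	return user, nil
}

// HasIdentity stands in for `oc get identity <provider type>:<username>`.
func (c *Cluster) HasIdentity(provider, username string) bool {
	_, ok := c.Identities[provider+":"+username]
	return ok
}

func main() {
	c := NewCluster()
	tok := c.LoginWithIdP("htpasswd", "user1") // step 1 (constructed names)
	delete(c.Identities, "htpasswd:user1")     // step 2
	user, err := c.LoginWithToken(tok)         // step 3
	fmt.Println(user, err, c.HasIdentity("htpasswd", "user1")) // step 4
	c.LoginWithIdP("htpasswd", "user1") // IdP login provisions it again
	fmt.Println(c.HasIdentity("htpasswd", "user1"))
}
```

In this model the token login in step 3 still authenticates as user1 while the identity stays absent, and only a login through the identity provider creates it again.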