Red Hat Bugzilla – Bug 1277682
When authentication is performed by Apache user info attributes are not available
Last modified: 2016-11-23 06:17:28 EST
This bug is created as a clone of upstream ticket: https://fedorahosted.org/ipsilon/ticket/191 User attributes are populated by the Info plugins. However the code that populates the user attributes and builds a session bound to the user only executes when a LoginManager executes the auth_successful method. But when external authentication is being being performed by Apache (the endpoint location is protected) such as is the case with ECP we fail to populate the user attributes from the Info plugins, the net result is the SAML Assertion is returned without any attributes.
The upstream commit fixing this is: 678c35ffc62b62645ee8d8a86b38f445d0bbfa2d
Red Hat Enterprise Linux 7.2 introduced the Ipsilon identity provider service for federated single sign-on (SSO). Subsequently, Red Hat has released Red Hat Single Sign-On as a web SSO solution based on the Keycloak community project. Red Hat Single Sign-On provides greater capabilities than Ipsilon and is designated as the standard web SSO solution across the Red Hat product portfolio. Therefore, as mentioned in the RHEL-7.3 Release Notes: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/chap-Red_Hat_Enterprise_Linux-7.3_Release_Notes-Deprecated_Functionality.html Ipsilon is now obsolete in RHEL and all existing Ipsilon users are recommended to migrate to Red Hat SSO product: https://access.redhat.com/products/red-hat-single-sign-on Please approach the Customer Service for advice. Given above, this Bugzilla is now closed as WONTFIX.