Description of problem: There is no way to specify for which org/loc user will be created in foreman. Version-Release number of selected component (if applicable): Satellite 6.7 snap 1 How reproducible: always Steps to Reproduce: 1. Configure keycloak with satellite 2. Create role in foreman with activation key view/delete/update/create permissions 3. Create usergroup in keycloak 4. Create usergroup with external usergroup as per keycloak and assign role created. 5. Login with user and visit activation key page. Result: Error 403 as user wont have org/loc assigned. Expected : Find a way to assign a default org/location to users that come from keycloak. Additional info : Upstream bug raised https://projects.theforeman.org/issues/26312 but corresponding PR don't resolve this issue.
Hello, Active discussion is being done on this topic and one can have access to the topic discussion here: https://github.com/theforeman/foreman/pull/7219 This is not a huge difficulty and has workarounds assoiciated with it. I will in detail list the workarounds in few days, once we have a conclusion for the currrent discussions. Thanks,
Hello, This issue has been resolved here: https://github.com/theforeman/foreman/pull/7264 A complementing hammer command has also been merged here: https://github.com/theforeman/hammer-cli-foreman/commit/ebcd16b9d5038b1d6e8e658038b4f8c7958332b2 Moving this BZ to modified state. Thanks,
VERIFIED Version tested: Satellite 6.7 snap 8 This bugzilla provides a way of assigning org/loc to External auth-source from CLI, but still functionality from UI is missing. There is no way doing it via UI. Raised issue https://bugzilla.redhat.com/show_bug.cgi?id=1792131 for UI implementation and verifying this. [root@sgi-uv20-01 ~]# hammer auth-source external list ---|--------- ID | NAME ---|--------- 3 | External ---|--------- [root@sgi-uv20-01 ~]# hammer auth-source external update -h Usage: hammer auth-source external update [OPTIONS] Options: --id ID --location LOCATION_NAME Location name --location-id LOCATION_ID --location-ids LOCATION_IDS REPLACE locations with given ids Comma separated list of values. Values containing comma should be quoted or escaped with backslash. JSON is acceptable and preferred way for complex parameters --location-title LOCATION_TITLE Location title --location-titles LOCATION_TITLES Comma separated list of values. Values containing comma should be quoted or escaped with backslash. JSON is acceptable and preferred way for complex parameters --locations LOCATION_NAMES Comma separated list of values. Values containing comma should be quoted or escaped with backslash. JSON is acceptable and preferred way for complex parameters --name NAME Name to search by --new-name NEW_NAME --organization ORGANIZATION_NAME Organization name --organization-id ORGANIZATION_ID Organization ID --organization-ids ORGANIZATION_IDS REPLACE organizations with given ids. Comma separated list of values. Values containing comma should be quoted or escaped with backslash. JSON is acceptable and preferred way for complex parameters --organization-title ORGANIZATION_TITLE Organization title --organization-titles ORGANIZATION_TITLES Comma separated list of values. Values containing comma should be quoted or escaped with backslash. JSON is acceptable and preferred way for complex parameters --organizations ORGANIZATION_NAMES Comma separated list of values. Values containing comma should be quoted or escaped with backslash. JSON is acceptable and preferred way for complex parameters -h, --help Print help [root@sgi-uv20-01 ~]# hammer auth-source external update --id 3 --organization-ids 1,3 --location-ids 2,4 Successfully updated the External external auth source. [root@sgi-uv20-01 ~]# hammer auth-source external info --id 3 Id: 3 Name: External Locations: Default Location xyz Organizations: abc Default Organization
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1454