1772398 – Could not specify organization/location for users that come from keycloak

Bug 1772398 - Could not specify organization/location for users that come from keycloak

Summary: Could not specify organization/location for users that come from keycloak

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Authentication
Sub Component:
Version:	6.7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	6.7.0
Assignee:	Rahul Bajaj
QA Contact:	Nikhil Kathole
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-11-14 10:37 UTC by Nikhil Kathole
Modified:	2020-04-14 13:27 UTC (History)
CC List:	3 users (show)
Fixed In Version:	foreman-1.24.1-1,tfm-rubygem-hammer_cli_foreman-0.19.4-1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-04-14 13:27:10 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	28451	Normal	Closed	Add an option to update the taxonomies for the Auth Sources	2020-05-26 10:49:27 UTC
Foreman Issue Tracker	28520	Normal	Closed	Create rake task for external auth source creation	2020-05-26 10:49:28 UTC
Red Hat Product Errata	RHSA-2020:1454	None	None	None	2020-04-14 13:27:19 UTC

Description Nikhil Kathole 2019-11-14 10:37:34 UTC

Description of problem:

There is no way to specify for which org/loc user will be created in foreman.


Version-Release number of selected component (if applicable):
Satellite 6.7 snap 1


How reproducible:
always

Steps to Reproduce:
1. Configure keycloak with satellite
2. Create role in foreman with activation key view/delete/update/create permissions
3. Create usergroup in keycloak
4. Create usergroup with external usergroup as per keycloak and assign role created.
5. Login with user and visit activation key page.

Result:

Error 403 as user wont have org/loc assigned.

Expected :
Find a way to assign a default org/location to users that come from keycloak.

Additional info :
Upstream bug raised https://projects.theforeman.org/issues/26312 but corresponding PR don't resolve this issue.

Comment 3 Rahul Bajaj 2019-12-12 15:33:45 UTC

Hello,

Active discussion is being done on this topic and one can have access to the topic discussion here: https://github.com/theforeman/foreman/pull/7219
This is not a huge difficulty and has workarounds assoiciated with it. I will in detail list the workarounds in few days, once we have a conclusion for the 
currrent discussions.

Thanks,

Comment 4 Rahul Bajaj 2020-01-02 07:30:02 UTC

Hello,

This issue has been resolved here: https://github.com/theforeman/foreman/pull/7264
A complementing hammer command has also been merged here: https://github.com/theforeman/hammer-cli-foreman/commit/ebcd16b9d5038b1d6e8e658038b4f8c7958332b2

Moving this BZ to modified state.

Thanks,

Comment 5 Nikhil Kathole 2020-01-17 06:29:50 UTC

VERIFIED

Version tested:

Satellite 6.7 snap 8

This bugzilla provides a way of assigning org/loc to External auth-source from CLI, but still functionality from UI is missing. There is no way doing it via UI. Raised issue https://bugzilla.redhat.com/show_bug.cgi?id=1792131 for UI implementation and verifying this.

[root@sgi-uv20-01 ~]# hammer auth-source external list
---|---------
ID | NAME
---|---------
3 | External
---|---------
[root@sgi-uv20-01 ~]# hammer auth-source external update -h
Usage:
hammer auth-source external update [OPTIONS]

Options:
--id ID
--location LOCATION_NAME Location name
--location-id LOCATION_ID
--location-ids LOCATION_IDS REPLACE locations with given ids
Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
JSON is acceptable and preferred way for complex parameters
--location-title LOCATION_TITLE Location title
--location-titles LOCATION_TITLES Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
JSON is acceptable and preferred way for complex parameters
--locations LOCATION_NAMES Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
JSON is acceptable and preferred way for complex parameters
--name NAME Name to search by
--new-name NEW_NAME
--organization ORGANIZATION_NAME Organization name
--organization-id ORGANIZATION_ID Organization ID
--organization-ids ORGANIZATION_IDS REPLACE organizations with given ids.
Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
JSON is acceptable and preferred way for complex parameters
--organization-title ORGANIZATION_TITLE Organization title
--organization-titles ORGANIZATION_TITLES Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
JSON is acceptable and preferred way for complex parameters
--organizations ORGANIZATION_NAMES Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
JSON is acceptable and preferred way for complex parameters
-h, --help Print help

[root@sgi-uv20-01 ~]# hammer auth-source external update --id 3 --organization-ids 1,3 --location-ids 2,4
Successfully updated the External external auth source.
[root@sgi-uv20-01 ~]# hammer auth-source external info --id 3
Id: 3
Name: External
Locations:
Default Location
xyz
Organizations:
abc
Default Organization

Comment 9 errata-xmlrpc 2020-04-14 13:27:10 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454

Note You need to log in before you can comment on or make changes to this bug.