Bug 1772398 - Could not specify organization/location for users that come from keycloak
Summary: Could not specify organization/location for users that come from keycloak
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Authentication
Version: 6.7.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: 6.7.0
Assignee: Rahul Bajaj
QA Contact: Nikhil Kathole
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2019-11-14 10:37 UTC by Nikhil Kathole
Modified: 2020-04-14 13:27 UTC (History)

Fixed In Version: foreman-1.24.1-1,tfm-rubygem-hammer_cli_foreman-0.19.4-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-14 13:27:10 UTC
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 28451 0 Normal Closed Add an option to update the taxonomies for the Auth Sources 2020-05-26 10:49:27 UTC
Foreman Issue Tracker 28520 0 Normal Closed Create rake task for external auth source creation 2020-05-26 10:49:28 UTC
Red Hat Product Errata RHSA-2020:1454 0 None None None 2020-04-14 13:27:19 UTC

Description Nikhil Kathole 2019-11-14 10:37:34 UTC
Description of problem:

There is no way to specify for which org/loc user will be created in foreman.


Version-Release number of selected component (if applicable):
Satellite 6.7 snap 1


How reproducible:
always

Steps to Reproduce:
1. Configure keycloak with satellite
2. Create role in foreman with activation key view/delete/update/create permissions
3. Create usergroup in keycloak
4. Create usergroup with external usergroup as per keycloak and assign role created.
5. Login with user and visit activation key page.

Result:

Error 403 as user won't have org/loc assigned.

Expected :
Find a way to assign a default org/location to users that come from keycloak.

Additional info :
Upstream bug raised https://projects.theforeman.org/issues/26312 but the corresponding PR doesn't resolve this issue.

Comment 3 Rahul Bajaj 2019-12-12 15:33:45 UTC
Hello,

Active discussion is being done on this topic and one can have access to the topic discussion here: https://github.com/theforeman/foreman/pull/7219
This is not a huge difficulty and has workarounds associated with it. I will in detail list the workarounds in a few days, once we have a conclusion for the current discussions.

Thanks,

Comment 4 Rahul Bajaj 2020-01-02 07:30:02 UTC
Hello,

This issue has been resolved here: https://github.com/theforeman/foreman/pull/7264
A complementing hammer command has also been merged here: https://github.com/theforeman/hammer-cli-foreman/commit/ebcd16b9d5038b1d6e8e658038b4f8c7958332b2

Moving this BZ to modified state.

Thanks,

Comment 5 Nikhil Kathole 2020-01-17 06:29:50 UTC
VERIFIED

Version tested:

Satellite 6.7 snap 8

This bugzilla provides a way of assigning org/loc to External auth-source from CLI, but still functionality from UI is missing. There is no way of doing it via UI. Raised issue https://bugzilla.redhat.com/show_bug.cgi?id=1792131 for UI implementation and verifying this.

[root@sgi-uv20-01 ~]# hammer auth-source external list
---|---------
ID | NAME    
---|---------
3  | External
---|---------
[root@sgi-uv20-01 ~]# hammer auth-source external update -h
Usage:
    hammer auth-source external update [OPTIONS]

Options:
 --id ID                                    
 --location LOCATION_NAME                  Location name
 --location-id LOCATION_ID                  
 --location-ids LOCATION_IDS               REPLACE locations with given ids
                                           Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --location-title LOCATION_TITLE           Location title
 --location-titles LOCATION_TITLES         Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --locations LOCATION_NAMES                Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --name NAME                               Name to search by
 --new-name NEW_NAME                        
 --organization ORGANIZATION_NAME          Organization name
 --organization-id ORGANIZATION_ID         Organization ID
 --organization-ids ORGANIZATION_IDS       REPLACE organizations with given ids.
                                           Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --organization-title ORGANIZATION_TITLE   Organization title
 --organization-titles ORGANIZATION_TITLES Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --organizations ORGANIZATION_NAMES        Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 -h, --help                                Print help


[root@sgi-uv20-01 ~]# hammer auth-source external update --id 3 --organization-ids 1,3 --location-ids 2,4
Successfully updated the External external auth source.
[root@sgi-uv20-01 ~]# hammer auth-source external info --id 3
Id:            3
Name:          External
Locations:     
    Default Location
    xyz
Organizations: 
    abc
    Default Organization
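
An added example, not part of the bug report or of the Foreman/hammer code: a shell check that parses the `hammer auth-source external info` layout shown in comment 5 and flags an external auth source that has no organization or location assigned. The function names and both sample outputs are constructed for illustration, and the layout of the empty case is an assumption.

```shell
# Added example: verify that an external auth source has taxonomies assigned.
# Parses the text layout printed by `hammer auth-source external info`.

# Count the indented entries listed under one section header,
# e.g. `count_section Organizations`. Reads the info output on stdin.
count_section() {
    awk -v want="$1:" '
        /^[^ \t]/    { in_sec = ($1 == want); next }  # unindented line starts a new field
        in_sec && NF { n++ }                          # indented, non-blank line is one entry
        END          { print n + 0 }
    '
}

# Return 0 when both Organizations and Locations are non-empty, 1 otherwise.
# Prints one line per section so the result can go straight into a report.
check_taxonomies() {
    local info="$1" rc=0 section n
    for section in Organizations Locations; do
        n=$(printf '%s\n' "$info" | count_section "$section")
        if [ "$n" -eq 0 ]; then
            echo "FAIL: no $section assigned to this auth source"
            rc=1
        else
            echo "ok: $n $section assigned"
        fi
    done
    return "$rc"
}

# Constructed sample outputs, modelled on the session in comment 5.
SAMPLE_ASSIGNED='Id:            3
Name:          External
Locations:
    Default Location
    xyz
Organizations:
    abc
    Default Organization'

# Assumed layout for a source with nothing assigned (constructed).
SAMPLE_EMPTY='Id:            3
Name:          External
Locations:
Organizations:'

# Live use on a Satellite host (not run here):
#   check_taxonomies "$(hammer auth-source external info --id 3)"
check_taxonomies "$SAMPLE_ASSIGNED"
check_taxonomies "$SAMPLE_EMPTY" || echo "(empty source flagged)"
```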

Comment 9 errata-xmlrpc 2020-04-14 13:27:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454

