Bug 1772398 - Could not specify organization/location for users that come from keycloak
Summary: Could not specify organization/location for users that come from keycloak
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Authentication
Version: 6.7.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: 6.7.0
Assignee: Rahul Bajaj
QA Contact: Nikhil Kathole
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-11-14 10:37 UTC by Nikhil Kathole
Modified: 2020-04-14 13:27 UTC (History)
3 users (show)

Fixed In Version: foreman-1.24.1-1,tfm-rubygem-hammer_cli_foreman-0.19.4-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-14 13:27:10 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 28451 Normal Closed Add an option to update the taxonomies for the Auth Sources 2020-05-26 10:49:27 UTC
Foreman Issue Tracker 28520 Normal Closed Create rake task for external auth source creation 2020-05-26 10:49:28 UTC
Red Hat Product Errata RHSA-2020:1454 None None None 2020-04-14 13:27:19 UTC

Description Nikhil Kathole 2019-11-14 10:37:34 UTC
Description of problem:

There is no way to specify for which org/loc user will be created in foreman.


Version-Release number of selected component (if applicable):
Satellite 6.7 snap 1


How reproducible:
always

Steps to Reproduce:
1. Configure keycloak with satellite
2. Create role in foreman with activation key view/delete/update/create permissions
3. Create usergroup in keycloak
4. Create usergroup with external usergroup as per keycloak and assign role created.
5. Login with user and visit activation key page.

Result:

Error 403 as user wont have org/loc assigned.

Expected :
Find a way to assign a default org/location to users that come from keycloak.

Additional info :
Upstream bug raised https://projects.theforeman.org/issues/26312 but corresponding PR don't resolve this issue.

Comment 3 Rahul Bajaj 2019-12-12 15:33:45 UTC
Hello,

Active discussion is being done on this topic and one can have access to the topic discussion here: https://github.com/theforeman/foreman/pull/7219
This is not a huge difficulty and has workarounds assoiciated with it. I will in detail list the workarounds in few days, once we have a conclusion for the 
currrent discussions.

Thanks,

Comment 4 Rahul Bajaj 2020-01-02 07:30:02 UTC
Hello,

This issue has been resolved here: https://github.com/theforeman/foreman/pull/7264
A complementing hammer command has also been merged here: https://github.com/theforeman/hammer-cli-foreman/commit/ebcd16b9d5038b1d6e8e658038b4f8c7958332b2

Moving this BZ to modified state.

Thanks,

Comment 5 Nikhil Kathole 2020-01-17 06:29:50 UTC
VERIFIED

Version tested:

Satellite 6.7 snap 8

This bugzilla provides a way of assigning org/loc to External auth-source from CLI, but still functionality from UI is missing. There is no way doing it via UI. Raised issue https://bugzilla.redhat.com/show_bug.cgi?id=1792131 for UI implementation and verifying this.

[root@sgi-uv20-01 ~]# hammer auth-source external list
---|---------
ID | NAME    
---|---------
3  | External
---|---------
[root@sgi-uv20-01 ~]# hammer auth-source external update -h
Usage:
    hammer auth-source external update [OPTIONS]

Options:
 --id ID                                    
 --location LOCATION_NAME                  Location name
 --location-id LOCATION_ID                  
 --location-ids LOCATION_IDS               REPLACE locations with given ids
                                           Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --location-title LOCATION_TITLE           Location title
 --location-titles LOCATION_TITLES         Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --locations LOCATION_NAMES                Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --name NAME                               Name to search by
 --new-name NEW_NAME                        
 --organization ORGANIZATION_NAME          Organization name
 --organization-id ORGANIZATION_ID         Organization ID
 --organization-ids ORGANIZATION_IDS       REPLACE organizations with given ids.
                                           Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --organization-title ORGANIZATION_TITLE   Organization title
 --organization-titles ORGANIZATION_TITLES Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 --organizations ORGANIZATION_NAMES        Comma separated list of values. Values containing comma should be quoted or escaped with backslash.
                                           JSON is acceptable and preferred way for complex parameters
 -h, --help                                Print help


[root@sgi-uv20-01 ~]# hammer auth-source external update --id 3 --organization-ids 1,3 --location-ids 2,4
Successfully updated the External external auth source.
[root@sgi-uv20-01 ~]# hammer auth-source external info --id 3
Id:            3
Name:          External
Locations:     
    Default Location
    xyz
Organizations: 
    abc
    Default Organization

Comment 9 errata-xmlrpc 2020-04-14 13:27:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454


Note You need to log in before you can comment on or make changes to this bug.