Bug 1772403 - Could not able to refresh external usergroup from keycloak
Summary: Could not able to refresh external usergroup from keycloak
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Authentication
Version: 6.7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: 6.7.0
Assignee: Rahul Bajaj
QA Contact: Nikhil Kathole
Depends On:
TreeView+ depends on / blocked
Reported: 2019-11-14 10:41 UTC by Nikhil Kathole
Modified: 2020-04-14 13:27 UTC (History)
2 users (show)

Fixed In Version: foreman-1.24.1-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-04-14 13:27:10 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Foreman Issue Tracker 26314 Normal Closed Could not refresh external usergroup from keycloak 2020-11-11 22:06:25 UTC
Red Hat Product Errata RHSA-2020:1454 None None None 2020-04-14 13:27:19 UTC

Description Nikhil Kathole 2019-11-14 10:41:39 UTC
Description of problem:

Version-Release number of selected component (if applicable):
Satellite 6.7 snap 1

How reproducible:

Steps to Reproduce:
1. Configure keycloak with satellite
2. Create usergroup in keycloak ex: named "foremanusergroup"
3. Navigate to usergroup- > create new - > add external usergroup and save
4. Click on usegroup created
5. Navigate to tab external usergroup and click on refresh

Actual results:

External user group foremanusergroup could not be refreshed and also could not able to sync/see users from external usergroup from keycloak in foreman..

and production.log showed
2019-03-12T08:12:23 [I|app|] Started PUT "/external_usergroups/foremanusergroup/refresh" for IP at 2019-03-12 08:12:23 -0400
2019-03-12T08:12:23 [I|app|f33930ed] Processing by ExternalUsergroupsController#refresh as HTML
2019-03-12T08:12:23 [I|app|f33930ed] Parameters: {"authenticity_token"=>"vY7MwjBBMVJ6lAxemIPwy1lM8kwVx4ZqMQrjmHT6e5KgFmJfSil7ae7VYfri7UD/aGCuoMcYLKLNhzwXUlPueA==", "id"=>"foremanusergroup"}
2019-03-12T08:12:23 [I|app|f33930ed] Current user set to admin (admin)
2019-03-12T08:12:23 [E|app|f33930ed] Failed to save:
2019-03-12T08:12:23 [I|app|f33930ed] Redirected to https://foreman.example.com/usergroups/1-foremanusergroup/edit
2019-03-12T08:12:23 [I|app|f33930ed] Completed 302 Found in 13ms (ActiveRecord: 2.8ms)


Successfully refreshed external usergroup and also able to sync/see users from external usergroup from keycloak in foreman.

Comment 3 Bryan Kearney 2019-11-14 11:05:31 UTC
Upstream bug assigned to rabajaj@redhat.com

Comment 4 Rahul Bajaj 2019-12-12 15:40:38 UTC

While using OpenID Connect, the users bring with them a token every time they login to the foreman. And therefore, we do not require refresh functionality.
The user would require to logout and then login again, this action will automatically refresh the features of the given user. That said we need to disable the 
refresh button.

I shall do that and link the PR to this BZ :)


Comment 5 Bryan Kearney 2019-12-31 01:04:54 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/26314 has been resolved.

Comment 6 Nikhil Kathole 2020-01-16 19:43:44 UTC

Version tested:
Satellite 6.7 snap 8

External usergroup refresh button is disabled for "EXTERNAL" auth-source and also updated usergroup membership is passed from RHSSO on every user login in satellite.

Comment 9 errata-xmlrpc 2020-04-14 13:27:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.