Description of problem: Version-Release number of selected component (if applicable): Satellite 6.7 snap 1 How reproducible: Steps to Reproduce: 1. Configure keycloak with satellite 2. Create usergroup in keycloak ex: named "foremanusergroup" 3. Navigate to usergroup- > create new - > add external usergroup and save 4. Click on usegroup created 5. Navigate to tab external usergroup and click on refresh Actual results: External user group foremanusergroup could not be refreshed and also could not able to sync/see users from external usergroup from keycloak in foreman.. and production.log showed 2019-03-12T08:12:23 [I|app|] Started PUT "/external_usergroups/foremanusergroup/refresh" for IP at 2019-03-12 08:12:23 -0400 2019-03-12T08:12:23 [I|app|f33930ed] Processing by ExternalUsergroupsController#refresh as HTML 2019-03-12T08:12:23 [I|app|f33930ed] Parameters: {"authenticity_token"=>"vY7MwjBBMVJ6lAxemIPwy1lM8kwVx4ZqMQrjmHT6e5KgFmJfSil7ae7VYfri7UD/aGCuoMcYLKLNhzwXUlPueA==", "id"=>"foremanusergroup"} 2019-03-12T08:12:23 [I|app|f33930ed] Current user set to admin (admin) 2019-03-12T08:12:23 [E|app|f33930ed] Failed to save: 2019-03-12T08:12:23 [I|app|f33930ed] Redirected to https://foreman.example.com/usergroups/1-foremanusergroup/edit 2019-03-12T08:12:23 [I|app|f33930ed] Completed 302 Found in 13ms (ActiveRecord: 2.8ms) Expected: Successfully refreshed external usergroup and also able to sync/see users from external usergroup from keycloak in foreman.
Upstream bug assigned to rabajaj
Hello, While using OpenID Connect, the users bring with them a token every time they login to the foreman. And therefore, we do not require refresh functionality. The user would require to logout and then login again, this action will automatically refresh the features of the given user. That said we need to disable the refresh button. I shall do that and link the PR to this BZ :) Thanks,
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/26314 has been resolved.
VERIFIED Version tested: Satellite 6.7 snap 8 External usergroup refresh button is disabled for "EXTERNAL" auth-source and also updated usergroup membership is passed from RHSSO on every user login in satellite.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1454