External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet
|Assigned To:||Marek Hulán|
|Target version:||Team Marek backlog|
|Found in release:||Pull request:||https://github.com/theforeman/foreman/pull/4420|
|Velocity based estimate||-|
Description of problem:
The EXTERNAL auth source only gets created when the first user gets auto-created based on external authentication (enabled with --foreman-ipa-authentication=true). That's why the admin will not even see the tab to specify external group mapping when creating/editing user groups.
The EXTERNAL auth source should either be always present, or created when --foreman-ipa-authentication=true is used.
Version-Release number of selected component (if applicable):
Satellite 6.0 but the same behaviour in 6.1 as well.
Steps to Reproduce:
1. Enable external authentication via IdM using --foreman-ipa-authentication=true.
2. Attempt to define mapping of external groups to Satellite (Foreman) user groups.
Not possible, the tab is there because the EXTERNAL auth source is not there.
It should be possible even before the first externally-authenticated user has logged in / was auto-populated in the user database.
#1 Updated by Marek Hulán about 1 year ago
- Subject changed from External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet to External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet
- Category set to Authentication
- Target version set to Team Marek backlog
The problem is in all versions of Foreman released so far since external authentication was implemented. I think we should simply seed the external auth source so it's there when someone configures e.g. Apache to do the authentication externally.