Bug #19064

External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet

Added by Marek Hulán 3 months ago. Updated 2 months ago.

Status:Closed
Priority:Normal
Assigned To:Marek Hulán
Category:Authentication
Target version:Team Marek backlog
Difficulty: Bugzilla link:1242821
Found in release: Pull request:https://github.com/theforeman/foreman/pull/4420
Story points-
Velocity based estimate-

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1242821

Description of problem:

The EXTERNAL auth source only gets created when the first user gets auto-created based on external authentication (enabled with --foreman-ipa-authentication=true). That's why the admin will not even see the tab to specify external group mapping when creating/editing user groups.

The EXTERNAL auth source should either be always present, or created when --foreman-ipa-authentication=true is used.

Version-Release number of selected component (if applicable):

How reproducible:

Satellite 6.0 but the same behaviour in 6.1 as well.

Steps to Reproduce:
1. Enable external authentication via IdM using --foreman-ipa-authentication=true.
2. Attempt to define mapping of external groups to Satellite (Foreman) user groups.

Actual results:

Not possible, the tab is there because the EXTERNAL auth source is not there.

Expected results:

It should be possible even before the first externally-authenticated user has logged in / was auto-populated in the user database.

Additional info:


Related issues

Related to Foreman - Bug #15286: Missing API for external auth sources New 06/03/2016
Related to Katello - Bug #19174: Tests relying on stubbing settings must be updated for ex... Closed 04/05/2017

Associated revisions

Revision 23b7d7bf
Added by Marek Hulán 3 months ago

Fixes #19064 - seed the external auth source

History

#1 Updated by Marek Hulán 3 months ago

  • Subject changed from External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet to External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet
  • Category set to Authentication
  • Target version set to Team Marek backlog

The problem is in all versions of Foreman released so far since external authentication was implemented. I think we should simply seed the external auth source so it's there when someone configures e.g. Apache to do the authentication externally.

#2 Updated by Dominic Cleal 3 months ago

Is this not a duplicate of #15286?

#3 Updated by The Foreman Bot 3 months ago

  • Status changed from New to Ready For Testing
  • Assigned To set to Marek Hulán
  • Pull request https://github.com/theforeman/foreman/pull/4420 added

#4 Updated by Marek Hulán 3 months ago

This was a prerequisite but it turns out the hammer command works well if there's the external auth source. So I'll close the other one as dup of this, thanks.

#5 Updated by Marek Hulán 3 months ago

  • Related to Bug #15286: Missing API for external auth sources added

#6 Updated by Marek Hulán 3 months ago

  • Related to Bug #19174: Tests relying on stubbing settings must be updated for external auth source seeding added

#7 Updated by Marek Hulán 3 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#8 Updated by Bryan Kearney 2 months ago

@marek, any chance to get this into 1.15?

#9 Updated by Marek Hulán 2 months ago

It was merged after the branching and I'm afraid it would be rejected. This also required a patch in Katello to avoid test failures - #19174
Daniel would you accept this cherry-pick? It's tiny yet useful fix.

Also available in: Atom PDF