Project

General

Profile

Actions

Feature #3892

closed

When new users are created based on REMOTE_USER authentication, their roles should be populated as well

Added by Jan Pazdziora over 10 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Authentication
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

The issue http://projects.theforeman.org/issues/3312 made the REMOTE_USER authentication usable for other authentication mechanisms than just HTTP Basic. When the user is populated in Foreman database upon successful logon, the issue http://projects.theforeman.org/issues/3528 made it possible to populate their name and email address based on information in the external identity provider like FreeIPA. The user no longer needs to be redirected to add their email address manually. These two issues have been implemented (as of Foreman 1.4) and are documented at http://projects.theforeman.org/projects/foreman/wiki/Foreman_and_mod_auth_kerb and in Foreman manual http://theforeman.org/manuals/1.4/index.html#5.7SPNEGOauthentication.

Beyond name and email address, another useful information that Foreman can obtain from external identity provider like FreeIPA is group membership which can be used to drive roles for Foreman users.
Based on http://www.freeipa.org/page/Environment_Variables#Proposed_Additional_Variables, we propose to populate group membership of the new user based on the REMOTE_USER_GROUP_N and REMOTE_USER_GROUP_# environment variables.

The current pull request for this feature is https://github.com/theforeman/foreman/pull/1328.

Followup feature is http://projects.theforeman.org/issues/5242 with pull request https://github.com/theforeman/foreman/pull/1391 which will make both user attributes and the group membership up-to-date after every external logon.


Related issues 5 (1 open4 closed)

Related to Foreman - Feature #813: Support AD group membership for authorization and authenticationClosedDaniel Lobato Garcia03/31/2011Actions
Blocks Foreman - Tracker #5031: External authentication supportNew04/02/2014

Actions
Blocked by Foreman - Feature #5241: Add support for external group mappingClosedJan Pazdziora04/18/2014Actions
Blocks Foreman - Feature #5242: Keeping user's attributes and group membership up-to-date even during subsequent logonsClosedJan Pazdziora04/18/2014Actions
Copied from Foreman - Feature #3528: When new users are created based on REMOTE_USER authentication, their attributes should be populated as wellClosedJan Pazdziora10/28/2013Actions
Actions #1

Updated by Jan Pazdziora over 10 years ago

  • Copied from Feature #3528: When new users are created based on REMOTE_USER authentication, their attributes should be populated as well added
Actions #2

Updated by Dominic Cleal about 10 years ago

  • Target version set to 1.9.0
Actions #3

Updated by Dominic Cleal about 10 years ago

  • Related to Feature #813: Support AD group membership for authorization and authentication added
Actions #4

Updated by Daniel Lobato Garcia about 10 years ago

  • Assignee set to Daniel Lobato Garcia
Actions #5

Updated by Anonymous about 10 years ago

  • Target version changed from 1.9.0 to 1.8.4
Actions #6

Updated by Jan Pazdziora about 10 years ago

Filed pull request https://github.com/theforeman/foreman/pull/1328 which will process output of mod_lookup_identity's

LookupUserGroupsIter REMOTE_USER_GROUP

configuration.

Actions #7

Updated by Dominic Cleal about 10 years ago

  • Status changed from New to Ready For Testing
  • Assignee changed from Daniel Lobato Garcia to Jan Pazdziora
Actions #8

Updated by Jan Pazdziora almost 10 years ago

  • Description updated (diff)
Actions #9

Updated by Dominic Cleal almost 10 years ago

Actions #10

Updated by Jan Pazdziora almost 10 years ago

  • Blocked by Feature #5241: Add support for external group mapping added
Actions #11

Updated by Jan Pazdziora almost 10 years ago

  • Description updated (diff)
Actions #12

Updated by Anonymous almost 10 years ago

  • Target version changed from 1.8.4 to 1.8.3
Actions #13

Updated by Anonymous almost 10 years ago

  • Target version changed from 1.8.3 to 1.8.4
Actions #14

Updated by Anonymous almost 10 years ago

  • Target version changed from 1.8.4 to 1.8.3
Actions #15

Updated by Jan Pazdziora almost 10 years ago

  • Blocks Feature #5242: Keeping user's attributes and group membership up-to-date even during subsequent logons added
Actions #16

Updated by Dominic Cleal almost 10 years ago

  • translation missing: en.field_release set to 10
Actions #17

Updated by Jan Pazdziora almost 10 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF