Bug #19064
closedExternal group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1242821
Description of problem:
The EXTERNAL auth source only gets created when the first user gets auto-created based on external authentication (enabled with --foreman-ipa-authentication=true). That's why the admin will not even see the tab to specify external group mapping when creating/editing user groups.
The EXTERNAL auth source should either be always present, or created when --foreman-ipa-authentication=true is used.
Version-Release number of selected component (if applicable):
How reproducible:
Satellite 6.0 but the same behaviour in 6.1 as well.
Steps to Reproduce:
1. Enable external authentication via IdM using --foreman-ipa-authentication=true.
2. Attempt to define mapping of external groups to Satellite (Foreman) user groups.
Actual results:
Not possible, the tab is there because the EXTERNAL auth source is not there.
Expected results:
It should be possible even before the first externally-authenticated user has logged in / was auto-populated in the user database.
Additional info:
Updated by Marek Hulán over 7 years ago
- Subject changed from External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet to External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet
- Category set to Authentication
- Target version set to 115
The problem is in all versions of Foreman released so far since external authentication was implemented. I think we should simply seed the external auth source so it's there when someone configures e.g. Apache to do the authentication externally.
Updated by The Foreman Bot over 7 years ago
- Status changed from New to Ready For Testing
- Assignee set to Marek Hulán
- Pull request https://github.com/theforeman/foreman/pull/4420 added
Updated by Marek Hulán over 7 years ago
This was a prerequisite but it turns out the hammer command works well if there's the external auth source. So I'll close the other one as dup of this, thanks.
Updated by Marek Hulán over 7 years ago
- Related to Bug #15286: Missing API for external auth sources added
Updated by Marek Hulán over 7 years ago
- Related to Bug #19174: Tests relying on stubbing settings must be updated for external auth source seeding added
Updated by Marek Hulán over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 23b7d7bf30d0af14ef297d4fcc0e43e55b791f9c.
Updated by Bryan Kearney over 7 years ago
@marek, any chance to get this into 1.15?
Updated by Marek Hulán over 7 years ago
It was merged after the branching and I'm afraid it would be rejected. This also required a patch in Katello to avoid test failures - #19174
Daniel would you accept this cherry-pick? It's tiny yet useful fix.
Updated by Marek Hulán almost 7 years ago
- Translation missing: en.field_release set to 240