Bug #19064
External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1242821
Description of problem:
The EXTERNAL auth source only gets created when the first user gets auto-created based on external authentication (enabled with --foreman-ipa-authentication=true). That's why the admin will not even see the tab to specify external group mapping when creating/editing user groups.
The EXTERNAL auth source should either be always present, or created when --foreman-ipa-authentication=true is used.
Version-Release number of selected component (if applicable):
How reproducible:
Satellite 6.0 but the same behaviour in 6.1 as well.
Steps to Reproduce:
1. Enable external authentication via IdM using --foreman-ipa-authentication=true.
2. Attempt to define mapping of external groups to Satellite (Foreman) user groups.
Actual results:
Not possible, the tab is there because the EXTERNAL auth source is not there.
Expected results:
It should be possible even before the first externally-authenticated user has logged in / was auto-populated in the user database.
Additional info:
Related issues
Associated revisions
History
#1
Updated by Marek Hulán over 5 years ago
- Subject changed from External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet to External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet
- Category set to Authentication
- Target version set to 115
The problem is in all versions of Foreman released so far since external authentication was implemented. I think we should simply seed the external auth source so it's there when someone configures e.g. Apache to do the authentication externally.
#2
Updated by Dominic Cleal over 5 years ago
Is this not a duplicate of #15286?
#3
Updated by The Foreman Bot over 5 years ago
- Status changed from New to Ready For Testing
- Assignee set to Marek Hulán
- Pull request https://github.com/theforeman/foreman/pull/4420 added
#4
Updated by Marek Hulán over 5 years ago
This was a prerequisite but it turns out the hammer command works well if there's the external auth source. So I'll close the other one as dup of this, thanks.
#5
Updated by Marek Hulán over 5 years ago
- Related to Bug #15286: Missing API for external auth sources added
#6
Updated by Marek Hulán over 5 years ago
- Related to Bug #19174: Tests relying on stubbing settings must be updated for external auth source seeding added
#7
Updated by Marek Hulán over 5 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 23b7d7bf30d0af14ef297d4fcc0e43e55b791f9c.
#8
Updated by Bryan Kearney over 5 years ago
@marek, any chance to get this into 1.15?
#9
Updated by Marek Hulán over 5 years ago
It was merged after the branching and I'm afraid it would be rejected. This also required a patch in Katello to avoid test failures - #19174
Daniel would you accept this cherry-pick? It's tiny yet useful fix.
#10
Updated by Marek Hulán almost 5 years ago
- Legacy Backlogs Release (now unused) set to 240
Fixes #19064 - seed the external auth source