Project

General

Profile

Actions

Bug #19064

closed

External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet

Added by Marek Hulán almost 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Authentication
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1242821

Description of problem:

The EXTERNAL auth source only gets created when the first user gets auto-created based on external authentication (enabled with --foreman-ipa-authentication=true). That's why the admin will not even see the tab to specify external group mapping when creating/editing user groups.

The EXTERNAL auth source should either be always present, or created when --foreman-ipa-authentication=true is used.

Version-Release number of selected component (if applicable):

How reproducible:

Satellite 6.0 but the same behaviour in 6.1 as well.

Steps to Reproduce:
1. Enable external authentication via IdM using --foreman-ipa-authentication=true.
2. Attempt to define mapping of external groups to Satellite (Foreman) user groups.

Actual results:

Not possible, the tab is there because the EXTERNAL auth source is not there.

Expected results:

It should be possible even before the first externally-authenticated user has logged in / was auto-populated in the user database.

Additional info:


Related issues 2 (0 open2 closed)

Related to Foreman - Bug #15286: Missing API for external auth sourcesClosedDominik Hlavac Duran06/03/2016Actions
Related to Katello - Bug #19174: Tests relying on stubbing settings must be updated for external auth source seedingClosedMarek Hulán04/05/2017Actions
Actions #1

Updated by Marek Hulán almost 7 years ago

  • Subject changed from External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet to External group mapping cannot be set when --foreman-ipa-authentication=true is used and no EXTERNAL user has been created yet
  • Category set to Authentication
  • Target version set to 115

The problem is in all versions of Foreman released so far since external authentication was implemented. I think we should simply seed the external auth source so it's there when someone configures e.g. Apache to do the authentication externally.

Actions #2

Updated by Dominic Cleal almost 7 years ago

Is this not a duplicate of #15286?

Actions #3

Updated by The Foreman Bot almost 7 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Marek Hulán
  • Pull request https://github.com/theforeman/foreman/pull/4420 added
Actions #4

Updated by Marek Hulán almost 7 years ago

This was a prerequisite but it turns out the hammer command works well if there's the external auth source. So I'll close the other one as dup of this, thanks.

Actions #5

Updated by Marek Hulán almost 7 years ago

  • Related to Bug #15286: Missing API for external auth sources added
Actions #6

Updated by Marek Hulán almost 7 years ago

  • Related to Bug #19174: Tests relying on stubbing settings must be updated for external auth source seeding added
Actions #7

Updated by Marek Hulán almost 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #8

Updated by Bryan Kearney almost 7 years ago

@marek, any chance to get this into 1.15?

Actions #9

Updated by Marek Hulán almost 7 years ago

It was merged after the branching and I'm afraid it would be rejected. This also required a patch in Katello to avoid test failures - #19174
Daniel would you accept this cherry-pick? It's tiny yet useful fix.

Actions #10

Updated by Marek Hulán over 6 years ago

  • translation missing: en.field_release set to 240
Actions

Also available in: Atom PDF