← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1390085] Re: if REMOTE_USER is returned from apache plugin, it shouldn't need to be mapped

 

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1390085

Title:
  if REMOTE_USER is returned from apache plugin, it shouldn't need to be
  mapped

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  With mod_auth_openidc (and many other apache plugins) the authN'ed
  user name is set in the REMOTE_USER field of the environment. The
  current code somewhat accounts for this, but the value is in the end,
  ignored.  The user still needs to have a map that sets the user name.

  
  For instance, the following mapping:

  [
        {
                  "local": [
                      {
                          "user": {
                              "name": "{0}"
                          }
                      }
                  ],
                  "remote": [
                      {
                          "type": "HTTP_OIDC_EMAIL"
                      }
                  ]
              },
              {
                  "local": [
                      {
                          "group": {
                              "id": "238c44612bcb411f86503cd2f91fd5db"
                          }
                      }
                  ],
                  "remote": [
                      {
                          "type": "HTTP_OIDC_ISS",
                          "any_one_of": [
                              "accounts.google.com"
                          ]
                      }
                  ]
              }
          ]

  
  should be reduced to just, since the username is set in the REMOTE_USER field.

  [
        {
              {
                  "local": [
                      {
                          "group": {
                              "id": "238c44612bcb411f86503cd2f91fd5db"
                          }
                      }
                  ],
                  "remote": [
                      {
                          "type": "HTTP_OIDC_ISS",
                          "any_one_of": [
                              "accounts.google.com"
                          ]
                      }
                  ]
              }
          ]

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1390085/+subscriptions


References