yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1597101] [NEW] WebSSO username shows as a UUID in the Horizon page

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Roxana Gherle <roxana.gherle@xxxxxx>
Date: Tue, 28 Jun 2016 20:46:58 -0000
Reply-to: Bug 1597101 <1597101@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

When you login into Horizon using Web Single Sign On with saml2 or oidc federation protocols, the logged in user shows as a UUID (the user's ID) in the Horizon page. This was different before when the specific username from the external identity provider was showed by the Horizon dashboard.
This happens because both the unscoped and scoped federated tokens have both the user.id and user.name the ID of the user. The actual username does not show in the federated token.

This change in the behavior seems to have happened after introducing
shadow users functionality, because the token was containg the username
for both user.id and user.name in the pre-mitaka releases but now that
changed to both containing the UUID.

** Affects: keystone
Importance: Undecided
Assignee: Roxana Gherle (roxana-gherle)
Status: New

** Changed in: keystone
Assignee: (unassigned) => Roxana Gherle (roxana-gherle)

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1597101

Title:
WebSSO username shows as a UUID in the Horizon page

Status in OpenStack Identity (keystone):
New

Bug description:
When you login into Horizon using Web Single Sign On with saml2 or oidc federation protocols, the logged in user shows as a UUID (the user's ID) in the Horizon page. This was different before when the specific username from the external identity provider was showed by the Horizon dashboard.
This happens because both the unscoped and scoped federated tokens have both the user.id and user.name the ID of the user. The actual username does not show in the federated token.

This change in the behavior seems to have happened after introducing
shadow users functionality, because the token was containg the
username for both user.id and user.name in the pre-mitaka releases but
now that changed to both containing the UUID.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1597101/+subscriptions

Follow ups

[Bug 1597101] Re: WebSSO username shows as a UUID in the Horizon page
From: OpenStack Infra, 2016-07-18