yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1597101] Re: WebSSO username shows as a UUID in the Horizon page

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1597101@xxxxxxxxxxxxxxxxxx>
Date: Mon, 18 Jul 2016 16:58:52 -0000
Reply-to: Bug 1597101 <1597101@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/335617
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=2042c955c81929deb47bc8cc77082b085faaa47d
Submitter: Jenkins
Branch:    master

commit 2042c955c81929deb47bc8cc77082b085faaa47d
Author: Roxana Gherle <roxana.gherle@xxxxxxx>
Date:   Wed Jun 29 11:21:13 2016 -0700

    Fix the username value in federated tokens
    
    Currently, in both unscoped and scoped federated tokens, the
    username value in the token is equal to the userid and not to
    the value of the username in the external identity provider.
    This makes WebSSO login to show the userid of the logged-in
    user in the Horizon dashboard, whereas before it was showing
    the actual user name.
    
    This patch fixes the value of the username in the federated
    tokens, which will fix the WebSSO issue as well, since Horizon
    looks at the username value and displays that as the logged-in user.
    
    Closes-Bug: #1597101
    Closes-Bug: #1482701
    Change-Id: I33a0274641c4e6bc4e127f5206ba9bc7dbd8e5a8


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1597101

Title:
  WebSSO username shows as a UUID in the Horizon page

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  When you login into Horizon using Web Single Sign On with saml2 or oidc federation protocols, the logged in user shows as a UUID (the user's ID) in the Horizon page. This was different before when the specific username from the external identity provider was showed by the Horizon dashboard.
  This happens because both the unscoped and scoped federated tokens have both the user.id and user.name the ID of the user. The actual username does not show in the federated token.

  This change in the behavior seems to have happened after introducing
  shadow users functionality, because the token was containg the
  username for both user.id and user.name in the pre-mitaka releases but
  now that changed to both containing the UUID.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1597101/+subscriptions

References

[Bug 1597101] [NEW] WebSSO username shows as a UUID in the Horizon page
From: Roxana Gherle, 2016-06-28