Current OIDC plugin does not name new accounts properly #3

Open
mkosek opened this issue Nov 20, 2017 · 2 comments


mkosek commented Nov 20, 2017

As reported in the FreeIPA wiki OIDC registration ticket, when the OIDC plugin cannot find the issuer & subject pair in the FreeIPA wiki database, it will create a new account. However, it will not set the right user name:

+---------+-----------+----------------+---------------+------------------+-------------------+----------------+----------------------------------+--------------------------+------------------+--------------------------+-------------------+-------------------+----------------+-----------------------+---------+---------------------------------------+
| user_id | user_name | user_real_name | user_password | user_newpassword | user_email | user_touched | user_token | user_email_authenticated | user_email_token | user_email_token_expires | user_registration | user_newpass_time | user_editcount | user_password_expires | subject | issuer |
+---------+-----------+----------------+---------------+------------------+-------------------+----------------+----------------------------------+--------------------------+------------------+--------------------------+-------------------+-------------------+----------------+-----------------------+---------+---------------------------------------+
| 290 | User1 | Martin Kosek | | | mkosek @redhat.com | 20171110193530 | 160516ee51a82595e4ae6aa6364594ba | 20171110193524 | | NULL | 20171110193523 | NULL | 0 | NULL | mkosek | https://id.fedoraproject.org/openidc/ |
+---------+-----------+----------------+---------------+------------------+-------------------+----------------+----------------------------------+--------------------------+------------------+--------------------------+-------------------+-------------------+----------------+-----------------------+---------+---------------------------------------+
1 row in set (0.01 sec)

I am specifically talking about the "User1" part. https://www.mediawiki.org/wiki/Extension:OpenID_Connect is talking about "preferred username was provided by the issuer", so I wonder if there is some Ipsilon/OIDC setting that could let the plugin use the Fedora user name as the "preferred username".

Workaround: have the new user renamed manually by some of the wiki admins until this is fixed (you can drop an email to mkosek at redhat.com).

@puiterwijk

@mkosek Right, we hit this one too in staging, and this should have been fixed now. We didn't provide preferred_username before, but we do now.

@puiterwijk

(this is as of +- 7 days from the time I write this)
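
The provisioning behaviour discussed in this thread, as an added example that is not code from the OpenID Connect extension, Ipsilon or the FreeIPA wiki: the account is bound to the (issuer, subject) pair, and `preferred_username` is used only as a sanitised, collision-checked display name for first-time logins, since OIDC does not guarantee that claim to be unique or stable. The names `sanitize` and `provision`, the allowed character set, and the in-memory dict and set standing in for the user table are assumptions.

```python
import re

def sanitize(name):
    """Reduce an issuer-supplied name to a conservative user name, or None."""
    if not isinstance(name, str):
        return None
    name = re.sub(r"[^A-Za-z0-9 _-]", "", name).strip()[:64]
    # MediaWiki-style: first letter upper-cased (as in "User1" above).
    return name[:1].upper() + name[1:] if name else None

def provision(claims, by_identity, taken_names):
    """Return the local user name for an ID token's claims, creating it if new.

    by_identity: dict (iss, sub) -> user name; the only account binding.
    taken_names: set of user names already in use.
    """
    key = (claims["iss"], claims["sub"])
    if key in by_identity:
        # Known identity: keep the stored name, ignore any changed claim.
        return by_identity[key]
    preferred = sanitize(claims.get("preferred_username"))
    base = preferred or "User"          # generic fallback, as in the report
    n = 0 if preferred else 1           # fallback names always carry a number
    while True:
        name = base if n == 0 else f"{base}{n}"
        if name not in taken_names:
            break
        n += 1
    by_identity[key] = name
    taken_names.add(name)
    return name

# Constructed sample claims; the issuer URL is the one shown in the issue.
ISS = "https://id.fedoraproject.org/openidc/"

def demo():
    ids, names = {}, set()
    return [
        provision({"iss": ISS, "sub": "a"}, ids, names),
        provision({"iss": ISS, "sub": "mkosek", "preferred_username": "mkosek"}, ids, names),
        provision({"iss": "https://other.example/", "sub": "mkosek", "preferred_username": "mkosek"}, ids, names),
        provision({"iss": ISS, "sub": "mkosek", "preferred_username": "admin"}, ids, names),
    ]

if __name__ == "__main__":
    print(demo())
```

The last call in `demo()` shows why the binding is the (issuer, subject) pair: a returning identity that now presents a different `preferred_username` still resolves to its original account.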
