This repository has been archived by the owner on Dec 4, 2024. It is now read-only.
Current OIDC plugin does not name new accounts properly #3
Comments
|
@mkosek Right, we hit this one too in staging, and this should have been fixed now. We didn't provide |
|
(this is as of +- 7 days from the time I write this) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
As reported in the FreeIPA wiki OIDC registration ticket, when OIDC plugin cannot find issuer&subject pair in FreeIPA wiki database, it will create a new account. However, it will not set the right user name:
+---------+-----------+----------------+---------------+------------------+-------------------+----------------+----------------------------------+--------------------------+------------------+--------------------------+-------------------+-------------------+----------------+-----------------------+---------+---------------------------------------+
| user_id | user_name | user_real_name | user_password | user_newpassword | user_email | user_touched | user_token | user_email_authenticated | user_email_token | user_email_token_expires | user_registration | user_newpass_time | user_editcount | user_password_expires | subject | issuer |
+---------+-----------+----------------+---------------+------------------+-------------------+----------------+----------------------------------+--------------------------+------------------+--------------------------+-------------------+-------------------+----------------+-----------------------+---------+---------------------------------------+
| 290 | User1 | Martin Kosek | | | mkosek @redhat.com | 20171110193530 | 160516ee51a82595e4ae6aa6364594ba | 20171110193524 | | NULL | 20171110193523 | NULL | 0 | NULL | mkosek | https://id.fedoraproject.org/openidc/ |
+---------+-----------+----------------+---------------+------------------+-------------------+----------------+----------------------------------+--------------------------+------------------+--------------------------+-------------------+-------------------+----------------+-----------------------+---------+---------------------------------------+
1 row in set (0.01 sec)
I am specifically talking about the "User1" part. https://www.mediawiki.org/wiki/Extension:OpenID_Connect is talking about "preferred username was provided by the issuer", so I wonder if there is some Ipsilon/OIDC setting that could let the plugin use Fedora user name as the "preferred username".
Workaround: have new user renamed manually by some of the wiki admins until this is fixed (you can drop email to mkosek at redhat.com).
The text was updated successfully, but these errors were encountered: