Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-1457

[RFE] disable case-sensitivity if user login by a case-insensitive IdP

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Undefined Undefined
    • openshift-4.9
    • None
    • Auth
    • False
    • False
    • Undefined

      1. Proposed title of this feature request
        • OpenShift should not introduce case-sensitivity on case insensitive IdPs.
      2. What is the nature and description of the request?
        • OpenShift uses a case-sensitive authentication system. Some IdPs are case-insensitive, so that the following issue would arrise:
        • OCP configured with RH-SSO as IdP, user-federation with AD.
        • LDAP has a user "USER_1" configured, belonging to group "developers".
        • RH-SSO pulls in that user via user-federation and creates user "user_1" (as LDAP is case-insensitive).
        • OCP group sync created a group "developers" containing user "USER_1".
        • User "user_1" logs in at OCP, but does not belong to group "developers" as only "USER_1" instead of "user_1" is member.
        • Logging in as "USER_1" would result in the same missing membership as SSO will convert that username to "user_1".

      3. Why does the customer need this? (List the business requirements here)

      This is currently a blocker for my customer and they will have to work with their AD-team to change all uppercased users to lowercased users.

       
      4. List any affected packages or components.

      OpenShift authentication

              sttts@redhat.com Stefan Schimanski (Inactive)
              rhn-support-ableisch Andreas Bleischwitz
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: