Uploaded image for project: 'Red Hat Process Automation Manager'
  1. Red Hat Process Automation Manager
  2. RHPAM-4132

OpenShift images ignore LDAP roles when is set defautl role variable AUTH_LDAP_DEFAULT_ROLE

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.12.1.GA
    • 7.12.0.GA
    • Cloud
    • None
    • False
    • False
    • Release Notes
    • CR3
    • CR1
    • +
    • Workaround Exists
    • Hide

      If you are using operator, then remove `defaultRole` from your KieApp.
      For templates, do not set property AUTH_LDAP_DEFAULT_ROLE.

      Show
      If you are using operator, then remove `defaultRole` from your KieApp. For templates, do not set property AUTH_LDAP_DEFAULT_ROLE.
    • Hide

      For Operator on OCP 4.x - Create a KieApp with configure default role `defaultRole: guest` and try to log into the BC
      For Templates on OCP 3.11 - Create a template with configured property AUTH_LDAP_DEFAULT_ROLE = "guest".

      Show
      For Operator on OCP 4.x - Create a KieApp with configure default role `defaultRole: guest` and try to log into the BC For Templates on OCP 3.11 - Create a template with configured property AUTH_LDAP_DEFAULT_ROLE = "guest".
    • 2022 Week 02-04 (from Jan 10), 2022 Week 05-07 (from Jan 31)

      When is set LDAP default role for OpenShift images, all roles from ldap are ignored and user is not able to log into the application. When default role is not set, roles from LDAP are used correctly and user are able to log into the application. Default role is set for image by environment variable AUTH_LDAP_DEFAULT_ROLE.
      Through KieApp LDAP default role is set by property, e.g. like this:

      spec: 
        auth: 
          ldap: 
            ...
            defaultRole: guest
        ...
      

      Probably the root cause is in conflict of two role mappers used in security domain configuration. This is part of kie image configuration script jboss-kie-wildfly-elytron.sh.

              rhn-support-fspolti Filippe Spolti
              jakubschwan Jakub Schwan
              Jakub Schwan Jakub Schwan
              Jakub Schwan Jakub Schwan
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: