Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.12.1.GA
Affects Version/s: 7.12.0.GA
Component/s: Cloud
Labels:
None

Blocked:
False
Ready:
False
Affects:

Release Notes
Affects Build:
CR3
Fix Build:
CR1
QE Test Coverage:
+
Target Release:

7.12.1.GA
Workaround:

Workaround Exists
Workaround Description:

Hide

If you are using operator, then remove `defaultRole` from your KieApp.
For templates, do not set property AUTH_LDAP_DEFAULT_ROLE.

Show
If you are using operator, then remove `defaultRole` from your KieApp. For templates, do not set property AUTH_LDAP_DEFAULT_ROLE.
Git Pull Request:
https://github.com/jboss-container-images/jboss-kie-modules/pull/520, https://github.com/jboss-container-images/jboss-kie-modules/pull/521
Steps to Reproduce:

Hide

For Operator on OCP 4.x - Create a KieApp with configure default role `defaultRole: guest` and try to log into the BC
For Templates on OCP 3.11 - Create a template with configured property AUTH_LDAP_DEFAULT_ROLE = "guest".

Show
For Operator on OCP 4.x - Create a KieApp with configure default role `defaultRole: guest` and try to log into the BC For Templates on OCP 3.11 - Create a template with configured property AUTH_LDAP_DEFAULT_ROLE = "guest".

Sprint:
2022 Week 02-04 (from Jan 10), 2022 Week 05-07 (from Jan 31)

SFDC Cases Counter:
SFDC Cases Links:

Description

When is set LDAP default role for OpenShift images, all roles from ldap are ignored and user is not able to log into the application. When default role is not set, roles from LDAP are used correctly and user are able to log into the application. Default role is set for image by environment variable AUTH_LDAP_DEFAULT_ROLE.
Through KieApp LDAP default role is set by property, e.g. like this:

spec: 
  auth: 
    ldap: 
      ...
      defaultRole: guest
  ...

Probably the root cause is in conflict of two role mappers used in security domain configuration. This is part of kie image configuration script jboss-kie-wildfly-elytron.sh.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

without-set-default-role-rhpamcentrmon.log
596 kB
2022/01/20 3:40 PM
with-set-default-role-rhpamcentrmon.log
472 kB
2022/01/20 3:39 PM

Activity

People

Assignee:: Filippe Spolti

Reporter:: Jakub Schwan

Tester:: Jakub Schwan

QA Contact:: Jakub Schwan

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2022/01/20 3:36 PM

Updated:: 2024/02/12 9:17 AM

Resolved:: 2022/02/01 6:44 PM