Bug
Resolution: Unresolved
Hello,
I've a setup with theforeman/katello using OIDC to authenticate my users, with auto-creation of the users.
On first login, the name and the email of the user are not set.
Looking at the code, it seems that this information is only taken from the auth token: https://github.com/theforeman/foreman/blob/637f3be10942e6122ae6e81707b2d8ccffebe327/app/services/sso/openid_connect.rb#L85.
But here in my setup, the name and email address of the user are part of the ID token, not the auth token, and it's difficult/impossible for me to change that.
I see that by default, mod_oidc is setting environment variables like OIDC_CLAIM_given_name, OIDC_CLAIM_family_name or OIDC_CLAIM_email with the information from the ID token.
It's apparently also possible to tell mod_oidc to pass the full ID token to the application (OIDCPassIDTokenAs).
Note that it seems that REMOTE_USER_* headers are not used, as that part of the code is disabled when the OIDC auth token is set (https://github.com/theforeman/foreman/blob/637f3be10942e6122ae6e81707b2d8ccffebe327/app/services/sso/apache.rb#L12).
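
A sketch of the fallback the report asks about, as an added example that is neither Foreman's code nor part of the original report: take the name and email from the token when it carries them, otherwise from the OIDC_CLAIM_* variables named above. The function names, the Hash standing in for the request environment and the sample values are assumptions made for illustration.

```ruby
require 'json'
require 'base64'

# Variable prefix as named in the report above.
CLAIM_PREFIX = 'OIDC_CLAIM_'

# Read a JWT payload without verifying it (assumes validation happened upstream).
def jwt_payload(token)
  segment = token.to_s.split('.')[1]
  return {} if segment.nil? || segment.empty?
  parsed = JSON.parse(Base64.urlsafe_decode64(segment))
  parsed.is_a?(Hash) ? parsed : {}
rescue ArgumentError, JSON::ParserError
  {}
end

# Token claim first, then the proxy-set variable; blank values count as missing.
def claim(payload, env, name)
  [payload[name], env["#{CLAIM_PREFIX}#{name}"]].each do |value|
    value = value.to_s.strip
    return value unless value.empty?
  end
  nil
end

# Build the attributes for an auto-created user (hypothetical attribute names).
def user_attributes(token, env)
  payload = jwt_payload(token)
  mail = claim(payload, env, 'email')
  # Drop values that cannot be a mailbox instead of storing them.
  mail = nil unless mail&.match?(/\A[^@\s]+@[^@\s]+\z/)
  { firstname: claim(payload, env, 'given_name'),
    lastname: claim(payload, env, 'family_name'),
    mail: mail }
end

# Constructed sample token builder (placeholder signature, not a real token).
def sample_token(claims)
  enc = ->(h) { Base64.urlsafe_encode64(JSON.generate(h), padding: false) }
  [enc.call({ 'alg' => 'RS256' }), enc.call(claims), 'constructed-signature'].join('.')
end
```

Such variables are only trustworthy when every request reaches the application through the Apache instance running mod_oidc, so that a client cannot supply them itself.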