Fix the username value in federated tokens
Currently, in both unscoped and scoped federated tokens, the username value in the token is equal to the userid and not to the value of the username in the external identity provider. This makes WebSSO login to show the userid of the logged-in user in the Horizon dashboard, whereas before it was showing the actual user name. This patch fixes the value of the username in the federated tokens, which will fix the WebSSO issue as well, since Horizon looks at the username value and displays that as the logged-in user. Closes-Bug: #1597101 Closes-Bug: #1482701 Change-Id: I33a0274641c4e6bc4e127f5206ba9bc7dbd8e5a8
This commit is contained in:
parent
0ce20cb08c
commit
2042c955c8
|
@ -151,8 +151,8 @@ class FederatedSetupMixin(object):
|
|||
self.assertIn('identity_provider', user['OS-FEDERATION'])
|
||||
self.assertIn('protocol', user['OS-FEDERATION'])
|
||||
|
||||
# Make sure user_id is url safe
|
||||
self.assertEqual(urllib.parse.quote(user['name']), user['id'])
|
||||
# Make sure user_name is url safe
|
||||
self.assertEqual(urllib.parse.quote(user['name']), user['name'])
|
||||
|
||||
def _issue_unscoped_token(self,
|
||||
idp=None,
|
||||
|
@ -2504,6 +2504,21 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin):
|
|||
self._issue_unscoped_token,
|
||||
assertion='ANOTHER_LOCAL_USER_ASSERTION')
|
||||
|
||||
def test_user_name_and_id_in_federation_token(self):
|
||||
r = self._issue_unscoped_token(assertion='EMPLOYEE_ASSERTION')
|
||||
token = r.json_body['token']
|
||||
self.assertEqual(
|
||||
mapping_fixtures.EMPLOYEE_ASSERTION['UserName'],
|
||||
token['user']['name'])
|
||||
self.assertNotEqual(token['user']['name'], token['user']['id'])
|
||||
r = self.v3_create_token(
|
||||
self.TOKEN_SCOPE_PROJECT_EMPLOYEE_FROM_EMPLOYEE)
|
||||
token = r.json_body['token']
|
||||
self.assertEqual(
|
||||
mapping_fixtures.EMPLOYEE_ASSERTION['UserName'],
|
||||
token['user']['name'])
|
||||
self.assertNotEqual(token['user']['name'], token['user']['id'])
|
||||
|
||||
|
||||
class FernetFederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin):
|
||||
AUTH_METHOD = 'token'
|
||||
|
|
|
@ -129,6 +129,7 @@ class TestValidate(unit.TestCase):
|
|||
protocol = uuid.uuid4().hex
|
||||
auth_context = {
|
||||
'user_id': user_ref['id'],
|
||||
'user_name': user_ref['name'],
|
||||
'group_ids': group_ids,
|
||||
federation_constants.IDENTITY_PROVIDER: identity_provider,
|
||||
federation_constants.PROTOCOL: protocol,
|
||||
|
@ -140,7 +141,7 @@ class TestValidate(unit.TestCase):
|
|||
token = token_data['token']
|
||||
exp_user_info = {
|
||||
'id': user_ref['id'],
|
||||
'name': user_ref['id'],
|
||||
'name': user_ref['name'],
|
||||
'domain': {'id': CONF.federation.federated_domain_name,
|
||||
'name': CONF.federation.federated_domain_name, },
|
||||
federation_constants.FEDERATION: {
|
||||
|
|
|
@ -641,10 +641,14 @@ class BaseProvider(provider.Provider):
|
|||
group_ids = auth_context['group_ids']
|
||||
idp = auth_context[federation_constants.IDENTITY_PROVIDER]
|
||||
protocol = auth_context[federation_constants.PROTOCOL]
|
||||
|
||||
user_dict = self.identity_api.get_user(user_id)
|
||||
user_name = user_dict['name']
|
||||
|
||||
token_data = {
|
||||
'user': {
|
||||
'id': user_id,
|
||||
'name': parse.unquote(user_id),
|
||||
'name': parse.unquote(user_name),
|
||||
federation_constants.FEDERATION: {
|
||||
'groups': [{'id': x} for x in group_ids],
|
||||
'identity_provider': {'id': idp},
|
||||
|
|
|
@ -25,7 +25,7 @@ from keystone.token.providers.fernet import token_formatters as tf
|
|||
CONF = keystone.conf.CONF
|
||||
|
||||
|
||||
@dependency.requires('trust_api', 'oauth_api')
|
||||
@dependency.requires('trust_api', 'oauth_api', 'identity_api')
|
||||
class Provider(common.BaseProvider):
|
||||
def __init__(self, *args, **kwargs):
|
||||
super(Provider, self).__init__(*args, **kwargs)
|
||||
|
@ -124,11 +124,14 @@ class Provider(common.BaseProvider):
|
|||
'protocol': {'id': protocol_id}
|
||||
}
|
||||
|
||||
user_dict = self.identity_api.get_user(user_id)
|
||||
user_name = user_dict['name']
|
||||
|
||||
token_dict = {
|
||||
'user': {
|
||||
federation_constants.FEDERATION: federated_info,
|
||||
'id': user_id,
|
||||
'name': user_id,
|
||||
'name': user_name,
|
||||
'domain': {'id': CONF.federation.federated_domain_name,
|
||||
'name': CONF.federation.federated_domain_name, },
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue