Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v7: set-org-role should not always default --origin to uaa #1940

Closed
5 tasks done
mwdb opened this issue May 22, 2020 · 4 comments
Closed
5 tasks done

v7: set-org-role should not always default --origin to uaa #1940

mwdb opened this issue May 22, 2020 · 4 comments

Comments

@mwdb
Copy link

mwdb commented May 22, 2020

Please fill out the issue checklist below and provide ALL the requested information.

  • I reviewed open and closed github issues that may be related to my problem.
  • I tried updating to the latest version of the CF CLI to see if it fixed my problem.
  • I attempted to run the command with CF_TRACE=1 to help debug the issue.
  • I am reporting a bug that others will be able to reproduce.
  • If this is an issue for the v7 beta release, I've read through the official docs and the release notes.

Describe the bug and the command you saw an issue with
We have configured UAA with a OIDC default identity provider. With this configuration, UAA will always authenticate against the default identity provider when no default identity provider is configured.
When I logged in with the default identity provider and call
cf7 set-org-role user@customer.com myOrg OrgManager
Assigning role OrgManager to user user@customer.com in org ...

No user exists with the username 'user@customer.com' and origin 'uaa'.

What happened
When no --origin is specified, the v7 cli uses origin uaa as default. v6 would query across all IdPs and assign if only one user exists or error in case the user exists in multiple IdPs.

Expected behavior
Either keep the v6 behaviour or use the default IdP configured in UAA.

To Reproduce
Steps to reproduce the behavior; include the exact CLI commands and verbose output:

  1. Configure an OIDC IdP in UAA and set it as default IdP.
  2. cf7 set-org-role user@customer.com myOrg OrgManager
  3. Get error No user exists with the username 'user@customer.com' and origin 'uaa'.

Provide more context

  • platform and shell details ( e.g. Mac OS X 10.11 iTerm)
    Mac 10.15.4
  • version of the CLI you are running
    latest v7
  • version of the CC API Release you are on

Note: As of January 2019, we no longer support API versions older than CF Release v284/CF Deployment v1.7.0 (CAPI Release: 1.46.0 (APIs 2.100.0 and 3.35.0).

Note: In order to complete the v7 beta cf CLI in a timely matter, we develop and test against the latest CAPI release candidate. When v7 cf CLI is generally available, we will start supporting official CC API releases again.
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/172979900

The labels on this github issue will be updated when the story is started.

@reidmit reidmit changed the title [v7 cli] v7: set-org-role should not always default --origin to uaa Jun 4, 2020
@reidmit
Copy link
Contributor

reidmit commented Jun 4, 2020

Hi @mwdb, thanks for the report. We believe this is a bug. I've changed the title to capture more details of the issue, and we will prioritize fixing this shortly.

@mwdb
Copy link
Author

mwdb commented Jun 4, 2020

Thanks, appreciate that. If you need support for testing, please reach out.

@Gerg
Copy link
Member

Gerg commented Jun 11, 2020

This issue was addressed in 64d6425 and 394ba02.

Please let us know if you have any further issues.

@Gerg Gerg closed this as completed Jun 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Gerg @cf-gitbot @reidmit @mwdb