-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
{{internal.logins}} ignored on Teleport Enterprise roles #2561
Comments
Hey Larry, thanks for your report. We will look into it. |
And just to clarify, it's stopped working for existing users after upgrade or for new local users? If the latter, how did you add new users? |
I'm about to add some context, but all users are on a brand-new enterprise-trial-license deployment via the Helm chart. Users are created with |
A few bits of context. I played with this in several ways:
A
And the output of In these cases, login works as usual (after logging out, clearing out ~/.tsh for good measure, then logging in to get the reflected changes). It's a bit cumbersome to have to go back and add usernames to roles or user traits after the fact, though! Of course, yes, SSO integration is the better choice. |
We've got the same problem for newly created users after upgrading to Teleport Enterprise v3.1.7git:v3.1.7-0-g44074d74 go1.11.5 |
Also seeing this since moving to enterprise, wasted a good chunk of evaluation time looking into it. |
@lrt512 @M0nsieurChat @sgargan What was your expected behavior of It's a field that's used in OSS to propagate logins for local users through traits. For Enterprise users, the expectation is to add |
alright, let's take another look into it in the context of 4.1 |
I don't know, my users were created like so (old syntax, I know ) : The We are using Enterprise with local accounts. We plan to switch on SAML by next year. |
@russjones I don't think it's enough to unhide the flag to solve this issue - we should also re-add processing of internal trait in enterprise mode in addition to the external trait - something we don't do right now. |
@klizhentas We do process |
ok |
I think I just got bitten by this bug as well. |
I hit this issue also. Any fix/workaround? |
What happened:
We're doing a PoC of Teleport Enterprise in k8s without using SSO to start. Every user with the admin role has only the
root
login, even though the role hasVery much an edge case, but entertaining.
What you expected to happen:
I was expecting the local user login to be propagated
How to reproduce it (as minimally and precisely as possible):
Just have a role where you have this
In this case,
tsh status
will give onlyIf you omit
root
and only givetsh login
will returnEnvironment:
teleport version
): Teleport Enterprise v3.1.5git:v3.1.5-0-g7621bbd5 go1.11.5tsh version
): Teleport v3.1.5 git:v3.1.5-0-g7621bbd5 go1.11.5The text was updated successfully, but these errors were encountered: