Custom userOIDCClaim ignored when autoprovisioning users #8635
Hi @micbar,
@micbar this is the issue we just talked about, I'll move it to Prio2, please adjust if you disagree.
rhafer added the Priority:p2-high (Escalation, on top of current planning, release blocker) label Apr 17, 2024
rhafer added a commit to rhafer/ocis that referenced this issue Apr 24, 2024

…r auto-provisioning user accounts

When auto-provisioning user accounts we used a fixed mapping for claims for the userinfo response to user attributes. This change introduces configuration options to define which claims should be used for the username, display name and email address of the auto-provisioned accounts. This also removes the automatic fallback to use the 'mail' claim as the username when the 'preferred_username' claim does not exist.

Fixes: owncloud#8635
rhafer added a commit to rhafer/ocis that referenced this issue Apr 25, 2024
Describe the bug
Custom userOIDCClaim ignored when autoprovisioning users.
As a result account_resolver.go[94] queries users with the value from the custom claim, but cs3.go libregraphUserFromClaims [274] assigns the username hardcoded to preferred_username.
As a result the user cannot be found, autoprovisioning is retried again and again, and the user cannot log in.
Steps to reproduce
(e.g. preferred_username=Domain/Testuser ocis_user=Domain-Testuser
Expected behavior
User should be able to log in when a custom userOIDCClaim was specified
Actual behavior
Login is not possible. OCIS shows message:
ocis.log
Setup
Additional context
If you could support "/" in preferred_username (e.g. "Domain/Testuser"), that would solve my issue as well.
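
The mismatch reported above, as an added Go example that is not oCIS code: lookup uses one claim while provisioning writes the username from another, so the freshly created account is never found. All type and function names are hypothetical; the two username claim values come from the report, the `name` and `email` values are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Claims is a constructed stand-in for an OIDC userinfo response.
type Claims map[string]string

// ClaimMap names the claim used for each account attribute (hypothetical config).
type ClaimMap struct{ Username, DisplayName, Email string }

type User struct{ Username, DisplayName, Mail string }

var ErrMissingClaim = errors.New("required claim missing")

// userFromClaims builds the account from the configured claims. A missing
// username claim is an error; no other claim is substituted for it.
func userFromClaims(c Claims, m ClaimMap) (User, error) {
	name, ok := c[m.Username]
	if !ok || name == "" {
		return User{}, fmt.Errorf("%w: %q", ErrMissingClaim, m.Username)
	}
	return User{Username: name, DisplayName: c[m.DisplayName], Mail: c[m.Email]}, nil
}

// Login looks the user up by lookupClaim and provisions on a miss. It
// reports whether the lookup succeeds once provisioning has run.
func Login(store map[string]User, c Claims, lookupClaim string, m ClaimMap) (bool, error) {
	key := c[lookupClaim]
	if _, ok := store[key]; ok {
		return true, nil
	}
	u, err := userFromClaims(c, m)
	if err != nil {
		return false, err
	}
	store[u.Username] = u // stored under the provisioning claim's value
	_, ok := store[key]   // false when the two claims disagree
	return ok, nil
}

func main() {
	c := Claims{"preferred_username": "Domain/Testuser", "ocis_user": "Domain-Testuser", "name": "Test User", "email": "t@example.test"}
	hard := ClaimMap{"preferred_username", "name", "email"} // behaviour reported in the issue
	conf := ClaimMap{"ocis_user", "name", "email"}          // username claim matches the lookup claim
	fmt.Println(Login(map[string]User{}, c, "ocis_user", hard)) // false <nil>
	fmt.Println(Login(map[string]User{}, c, "ocis_user", conf)) // true <nil>
}
```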