Project

General

Profile

Actions

Feature #10287

closed

[SSO] [API] Assign Arvados username from site-configured LDAP field when available

Added by Peter Amstutz about 8 years ago. Updated about 8 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
SSO
Target version:
Story points:
-

Description

Currently Arvados generates a username from a user's email address. However, some installations using external authentication (e.g. LDAP) may have usernames assigned which are separate from the email address used to log in, and don't match.

Arvados should be able to discover and use the username from external authentication so that the username used for VM login, git, and other accounting is consistent with the rest of the organization.

Implementation

New API server configuration parameter "sso_username_field":
  • "email" (default) means use local part of email address (i.e., current behavior)
  • "uid", "cn", or anything else means use the indicated field from the SSO info hash

Ensure SSO provider propagates the "uid" and "cn" fields (and any other available fields) from LDAP to Arvados API.


Subtasks 2 (0 open2 closed)

Task #10307: Review 10287-sso-usernameResolved10/24/2016Actions
Task #10306: Review 10287-ldap-username (sso-provider repository)Resolved10/24/2016Actions
Actions

Also available in: Atom PDF