Project

General

Profile

Feature #10287

Updated by Tom Clegg over 7 years ago

Currently Arvados generates a username from a user's email address.    However, some installations using external authentication (e.g. LDAP) may have usernames assigned which are separate from the email address used to log in, and don't match. 

    Arvados should be able to discover and use the username from external authentication so that the username used for VM login, git, and other accounting is consistent with the rest of the organization. 

 h2. Implementation 

 New API server configuration parameter "sso_username_field": 
 * "email" (default) means use local part of email address (i.e., current behavior) 
 * "uid", "cn", or anything else means use the indicated field from the SSO info hash 

 Ensure SSO provider propagates the "uid" and "cn" fields (and any other available fields) from LDAP to Arvados API. 

Back