Feature #15061

Updated by Peter Amstutz almost 3 years ago

Situation:

# User has an account on home cluster A.
# User goes to cluster B. Instead of logging in with federated identity from cluster A, user logs into a preexisting account and/or accidentally creates a new account.
# User now has multiple accounts, but wanted only one account.
# UI should guide user to redirect/merge accounts to use the cluster A account consistently.

Proposed solution:

# When a user logs in / creates an account on cluster A, send a simple request to all clusters in the federation on behalf of the user. This will cause the remote clusters to cache a record of the remote user.
# When a user logs in / creates an account on cluster B and the account is inactive, check if there are any cluster A user records with the same email address.
# If so, prompt the user to migrate the cluster B user to the cluster A user instead.
# User logs in (again) at cluster A and is redirected back to cluster B. The local user account is migrated (setting redirect_to_user_uuid to the cluster A user) the user finishes logging in.

Notes:

* If the user logs in to cluster B again, the account should be automatically redirected to log in at cluster A. Unfortunately, the user will probably still have to log in twice.
* For the case where the user wants cluster B to be the home cluster but there is a remote user from cluster A in the database, provide an alternate flow that sends the user to cluster A to migrate the cluster A account to redirect to the cluster B account.
* These are all cases of #13651 with the addition of user accounts identified based on matching email addresses instead of the account merge being initiated by the user.
* User interaction will be added to workbench2

Back