Details
-
Feature Request
-
Resolution: Done
-
Undefined
-
None
-
False
-
False
-
0
-
0%
-
Undefined
Description
- Proposed title of this feature request
- OpenShift should not introduce case-sensitivity on case insensitive IdPs.
- What is the nature and description of the request?
- OpenShift uses a case-sensitive authentication system. Some IdPs are case-insensitive, so that the following issue would arrise:
- OCP configured with RH-SSO as IdP, user-federation with AD.
- LDAP has a user "USER_1" configured, belonging to group "developers".
- RH-SSO pulls in that user via user-federation and creates user "user_1" (as LDAP is case-insensitive).
- OCP group sync created a group "developers" containing user "USER_1".
- User "user_1" logs in at OCP, but does not belong to group "developers" as only "USER_1" instead of "user_1" is member.
- Logging in as "USER_1" would result in the same missing membership as SSO will convert that username to "user_1".
3. Why does the customer need this? (List the business requirements here)
This is currently a blocker for my customer and they will have to work with their AD-team to change all uppercased users to lowercased users.
4. List any affected packages or components.
OpenShift authentication