Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CP4AIOPS-3113 pass delimiter for groups #1155

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

CP4AIOPS-3113 pass delimiter for groups #1155

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b9b68cd
Call out the default group delimiter for mellon is a semicolon
kbrock Aug 23, 2024
5104e9e
For mellon and sssd, pass the group delimiter to rails
kbrock Sep 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 25 additions & 22 deletions manageiq-operator/api/v1alpha1/helpers/miq-components/httpd_conf.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ func httpdExternalAuthConf(enableLocalLogin bool) string {
httpdAuthLoginFormConf(),
httpdAuthApplicationAPIConf("Basic", "\"External Authentication (httpd) for API\"", apiExtraConfig, enableLocalLogin),
httpdAuthLookupUserDetailsConf(),
httpdAuthRemoteUserConf(),
httpdAuthRemoteUserConf(":"),
)
}

Expand Down Expand Up @@ -172,7 +172,7 @@ func httpdADAuthConf(enableLocalLogin bool) string {
httpdAuthLoginFormConf(),
httpdAuthApplicationAPIConf("Basic", "\"External Authentication (httpd) for API\"", apiExtraConfig, enableLocalLogin),
httpdAuthLookupUserDetailsConf(),
httpdAuthRemoteUserConf(),
httpdAuthRemoteUserConf(":"),
)
}

Expand All @@ -198,7 +198,7 @@ LoadModule auth_mellon_module modules/mod_auth_mellon.so
MellonEndpointPath "/saml2"

MellonUser username
MellonMergeEnvVars On
MellonMergeEnvVars On ";"

MellonSetEnvNoPrefix "REMOTE_USER" username
MellonSetEnvNoPrefix "REMOTE_USER_EMAIL" email
Expand All @@ -216,7 +216,7 @@ LoadModule auth_mellon_module modules/mod_auth_mellon.so

%s
`
return fmt.Sprintf(s, httpdAuthRemoteUserConf())
return fmt.Sprintf(s, httpdAuthRemoteUserConf(";"))
}

func httpdOIDCAuthConf(spec *miqv1alpha1.ManageIQSpec) string {
Expand Down Expand Up @@ -281,14 +281,15 @@ RequestHeader unset X-REMOTE_USER
RequestHeader unset X_REMOTE-USER
RequestHeader unset X_REMOTE_USER

RequestHeader set X_REMOTE_USER %%{OIDC_CLAIM_PREFERRED_USERNAME}e env=OIDC_CLAIM_PREFERRED_USERNAME
RequestHeader set X_EXTERNAL_AUTH_ERROR %%{EXTERNAL_AUTH_ERROR}e env=EXTERNAL_AUTH_ERROR
RequestHeader set X_REMOTE_USER_EMAIL %%{OIDC_CLAIM_EMAIL}e env=OIDC_CLAIM_EMAIL
RequestHeader set X_REMOTE_USER_FIRSTNAME %%{OIDC_CLAIM_GIVEN_NAME}e env=OIDC_CLAIM_GIVEN_NAME
RequestHeader set X_REMOTE_USER_LASTNAME %%{OIDC_CLAIM_FAMILY_NAME}e env=OIDC_CLAIM_FAMILY_NAME
RequestHeader set X_REMOTE_USER_FULLNAME %%{OIDC_CLAIM_NAME}e env=OIDC_CLAIM_NAME
RequestHeader set X_REMOTE_USER_GROUPS %%{OIDC_CLAIM_GROUPS}e env=OIDC_CLAIM_GROUPS
RequestHeader set X_REMOTE_USER_DOMAIN %%{OIDC_CLAIM_DOMAIN}e env=OIDC_CLAIM_DOMAIN
RequestHeader set X_REMOTE_USER %%{OIDC_CLAIM_PREFERRED_USERNAME}e env=OIDC_CLAIM_PREFERRED_USERNAME
RequestHeader set X_EXTERNAL_AUTH_ERROR %%{EXTERNAL_AUTH_ERROR}e env=EXTERNAL_AUTH_ERROR
RequestHeader set X_REMOTE_USER_EMAIL %%{OIDC_CLAIM_EMAIL}e env=OIDC_CLAIM_EMAIL
RequestHeader set X_REMOTE_USER_FIRSTNAME %%{OIDC_CLAIM_GIVEN_NAME}e env=OIDC_CLAIM_GIVEN_NAME
RequestHeader set X_REMOTE_USER_LASTNAME %%{OIDC_CLAIM_FAMILY_NAME}e env=OIDC_CLAIM_FAMILY_NAME
RequestHeader set X_REMOTE_USER_FULLNAME %%{OIDC_CLAIM_NAME}e env=OIDC_CLAIM_NAME
RequestHeader set X_REMOTE_USER_GROUPS %%{OIDC_CLAIM_GROUPS}e env=OIDC_CLAIM_GROUPS
RequestHeader set X_REMOTE_USER_GROUP_DELIMITER ","
RequestHeader set X_REMOTE_USER_DOMAIN %%{OIDC_CLAIM_DOMAIN}e env=OIDC_CLAIM_DOMAIN
`
return fmt.Sprintf(
s,
Expand Down Expand Up @@ -366,22 +367,24 @@ func httpdAuthLookupUserDetailsConf() string {
`
}

func httpdAuthRemoteUserConf() string {
return `
func httpdAuthRemoteUserConf(delimiter string) string {
s := `
RequestHeader unset X-REMOTE-USER
RequestHeader unset X-REMOTE_USER
RequestHeader unset X_REMOTE-USER
RequestHeader unset X_REMOTE_USER

RequestHeader set X_REMOTE_USER %{REMOTE_USER}e env=REMOTE_USER
RequestHeader set X_EXTERNAL_AUTH_ERROR %{EXTERNAL_AUTH_ERROR}e env=EXTERNAL_AUTH_ERROR
RequestHeader set X_REMOTE_USER_EMAIL %{REMOTE_USER_EMAIL}e env=REMOTE_USER_EMAIL
RequestHeader set X_REMOTE_USER_FIRSTNAME %{REMOTE_USER_FIRSTNAME}e env=REMOTE_USER_FIRSTNAME
RequestHeader set X_REMOTE_USER_LASTNAME %{REMOTE_USER_LASTNAME}e env=REMOTE_USER_LASTNAME
RequestHeader set X_REMOTE_USER_FULLNAME %{REMOTE_USER_FULLNAME}e env=REMOTE_USER_FULLNAME
RequestHeader set X_REMOTE_USER_GROUPS %{REMOTE_USER_GROUPS}e env=REMOTE_USER_GROUPS
RequestHeader set X_REMOTE_USER_DOMAIN %{REMOTE_USER_DOMAIN}e env=REMOTE_USER_DOMAIN
RequestHeader set X_REMOTE_USER %%{REMOTE_USER}e env=REMOTE_USER
RequestHeader set X_EXTERNAL_AUTH_ERROR %%{EXTERNAL_AUTH_ERROR}e env=EXTERNAL_AUTH_ERROR
RequestHeader set X_REMOTE_USER_EMAIL %%{REMOTE_USER_EMAIL}e env=REMOTE_USER_EMAIL
RequestHeader set X_REMOTE_USER_FIRSTNAME %%{REMOTE_USER_FIRSTNAME}e env=REMOTE_USER_FIRSTNAME
RequestHeader set X_REMOTE_USER_LASTNAME %%{REMOTE_USER_LASTNAME}e env=REMOTE_USER_LASTNAME
RequestHeader set X_REMOTE_USER_FULLNAME %%{REMOTE_USER_FULLNAME}e env=REMOTE_USER_FULLNAME
RequestHeader set X_REMOTE_USER_GROUPS %%{REMOTE_USER_GROUPS}e env=REMOTE_USER_GROUPS
RequestHeader set X_REMOTE_USER_GROUP_DELIMITER "%s"
RequestHeader set X_REMOTE_USER_DOMAIN %%{REMOTE_USER_DOMAIN}e env=REMOTE_USER_DOMAIN
`
return fmt.Sprintf(s, delimiter)
}

func uiHttpdConfig(protocol string) string {
Expand Down
Loading