From cf700c4450fb6f816808f829399bbe13f0b65d13 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Thu, 14 Jul 2022 12:23:20 +0200 Subject: [PATCH] Allign login attribute for services Up to now the builtin lico was using the "username" as the login attribute, while the proxy (and to some extend the auth-basic) service tried to uniquely identify users by mail address. This aligns the default configuration of the services to use the username everywhere. Fixes: #4039 --- services/auth-basic/pkg/config/defaults/defaultconfig.go | 2 +- services/proxy/pkg/config/defaults/defaultconfig.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/services/auth-basic/pkg/config/defaults/defaultconfig.go b/services/auth-basic/pkg/config/defaults/defaultconfig.go index dd558ef0795..5fd7f35cbd8 100644 --- a/services/auth-basic/pkg/config/defaults/defaultconfig.go +++ b/services/auth-basic/pkg/config/defaults/defaultconfig.go @@ -43,7 +43,7 @@ func DefaultConfig() *config.Config { GroupBaseDN: "ou=groups,o=libregraph-idm", UserScope: "sub", GroupScope: "sub", - LoginAttributes: []string{"uid", "mail"}, + LoginAttributes: []string{"uid"}, UserFilter: "", GroupFilter: "", UserObjectClass: "inetOrgPerson", diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go index 962f1853521..0fe587e3de3 100644 --- a/services/proxy/pkg/config/defaults/defaultconfig.go +++ b/services/proxy/pkg/config/defaults/defaultconfig.go @@ -50,8 +50,8 @@ func DefaultConfig() *config.Config { Enabled: true, }, AccountBackend: "cs3", - UserOIDCClaim: "email", - UserCS3Claim: "mail", + UserOIDCClaim: "preferred_username", + UserCS3Claim: "username", AutoprovisionAccounts: false, EnableBasicAuth: false, InsecureBackends: false,