Uploaded image for project: 'Hue (READ ONLY)'
  1. Hue (READ ONLY)
  2. HUE-8814

Allow OIDC username attribute to be customizable

          Details

          • Type: Task
          • Status: Resolved
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: 4.4.0
          • Fix Version/s: 4.5.0
          • Component/s: core.api
          • Labels:
            None

            Description

            Recently, I was switching my company authentication from SAML2 to OIDC provided by Okta and I discovered that the default attribute (a claim in OIDC term) used by Hue to create a user account was 'preferred_username'. However, this attribute is not set by our provider and thus, Hue default code hashes the email and create a random user id. This was not desirable.

            The solution is to allow OIDC username attribute to be customizable. I've made the appropriate changes as well as keeping the default value 'preferred_username' for backward-compatibility if the newer setting is not provided. This way, with a config change, we can configure OIDC to use 'email' to create a username for a new account in Hue.

            https://github.com/cloudera/hue/pull/842

              Attachments

                Activity

                  People

                  • Assignee:
                    jgauthier Jean Francois Desjeans Gauthier
                    Reporter:
                    jgauthier Jean Francois Desjeans Gauthier
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: