Cannot log into datahub-frontend if the username contains a space #4915
Comments
@tullis In your WHZ configuration, you're using the user CN as the link for the username:
To have the uid be what gets stored in the cookie, you would need to set it up something like:
where instead of filtering on CN you are filtering on uid and then have users log in with their uid. Typically email or some other unique identifier is used as the LDAP login to avoid the "John Doe" problem, rather than the common name, which only enforces uniqueness on the same OU. See:
There are a couple of possible solutions here, but we would generally prefer to take the approach of using a more valid identifier as the login ID if at all possible.
Thanks @RyanHolstien - Yes we're currently using the
The use of the I'll see if it's possible for us to proceed based only on the
This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io
This issue was closed because it has been inactive for 30 days since being marked as stale.
Bug Description
When using an LDAP authentication source with JAAS, the usernames that are returned from the directory sometimes contain spaces.
For these users, although the authentication succeeds, the Play framework then throws a 500 error and the login attempt fails.
The reason seems to be that the frontend is trying to insert the username into a cookie, but the space character is being rejected.
Our JAAS configuration is as follows:
This is the search-first mode which searches for the user's LDAP entry with their common name (which may contain spaces).
Their distinguished name matches the search, returning one object that is then used for an authentication attempt.
I added the authzIdentity="{uid}" statement to the JAAS configuration file to try to ensure that the uid attribute was used in the construction of the user's urn. However, it didn't work because it only adds this as an //additional// UserPrincipal on the Subject. The username with the space is still there. Therefore the authzIdentity could be removed from the configuration and the bug would still apply.
When a user whose cn contains a space authenticates, the datahub-frontend log contains the following:
Expected behavior
The user should be logged in.
Desktop (please complete the following information):
This is a server-side issue, so the browser context is not really relevant.
Additional context
There is an upstream bug report in the play framework, which is relevant: t2v/play2-auth#180
The answers here indicate that the spaces should be encoded before being added to the cookie. Perhaps this technique would work for datahub-frontend too.
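The encoding approach suggested above, as an added example (not code from this issue, from datahub-frontend or from play2-auth). It assumes Java 10+; the class and method names are hypothetical, the sample usernames are constructed, and the validity check follows the RFC 6265 cookie-octet rule.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Hypothetical helper: makes a directory-supplied username safe to store as a cookie value.
public class CookieSafeUsername {

    // RFC 6265 cookie-octet: US-ASCII without controls, whitespace,
    // double quote, comma, semicolon and backslash.
    static boolean isCookieOctet(char c) {
        return c == 0x21
            || (c >= 0x23 && c <= 0x2B)
            || (c >= 0x2D && c <= 0x3A)
            || (c >= 0x3C && c <= 0x5B)
            || (c >= 0x5D && c <= 0x7E);
    }

    static boolean isValidCookieValue(String value) {
        return value.chars().allMatch(c -> isCookieOctet((char) c));
    }

    // Encode before the name is written to the cookie. URLEncoder emits only
    // letters, digits, '.', '-', '*', '_', '+' and %XX, all of which are cookie-octets.
    static String encode(String username) {
        return URLEncoder.encode(username, StandardCharsets.UTF_8);
    }

    // Decode when the cookie is read back, before the name is used to build the urn.
    static String decode(String cookieValue) {
        return URLDecoder.decode(cookieValue, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample names: a plain uid, a cn with a space, a name carrying
        // cookie delimiters, and a non-ASCII name.
        String[] samples = {"jdoe", "John Doe", "Doe, John; x=y", "Zoë Müller"};
        for (String name : samples) {
            String encoded = encode(name);
            if (!isValidCookieValue(encoded)) {
                throw new IllegalStateException("encoded value not cookie-safe: " + encoded);
            }
            if (!decode(encoded).equals(name)) {
                throw new IllegalStateException("round trip failed for: " + name);
            }
            System.out.printf("raw valid=%-5b encoded=%s%n", isValidCookieValue(name), encoded);
        }
    }
}
```

Only "jdoe" is a valid cookie value in raw form; the other three pass only after encoding, and the same step keeps a `;` or `,` in a directory attribute from being read as a cookie delimiter.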