Centreon 22.04.1: Contact groups cannot be set when user logs in using OpenID

Question

Centreon 22.04.1: Contact groups cannot be set when user logs in using OpenID

j-insan3 opened this issue 2 years ago · 3 comments

j-insan3 commented 2 years ago

BUG REPORT INFORMATION

Prerequisites

Versions
centreon-22.04.1-8.el7.centos.noarch

Operating System

*CentOS 7 *

Browser used

Google Chrome
Firefox
Internet Explorer IE11
Safari

Version: latest

Additional environment details (AWS, VirtualBox, physical, etc.):
VMware

Description

When using openID in 22.04 you are unable to add users to contact groups. As soon as they login using openID there contact group membership will reset back to the openID default group.

Steps to Reproduce

Please describe precisely the steps to reproduce the encountered issue.

Add user to a contact group
Configure OpenID
Let user login using OpenID
Check user contact group memberships, they will be gone.

Describe the received result

User contact groups get set to the openID defaults

Describe the expected result

Let users keep all there other memberships

Additional relevant information (e.g. frequency, ...)

Every time an user logs in using OpenID

Answer 1 · 2022-09-29T16:31:09.000Z

I'm also having this issue, but I realized something else that may or may not be related:

In our instance the OpenID payload has no groups object. I'm not sure if the null object from claim_name is causing it to blank out the group listing (like it's replacing the objects instead of adding to them).

Answer 2 · 2022-09-29T16:32:21.000Z

Actually I went back to add a known object from the payload that could be used for claim_name and setting it didn't change the behavior. It still removes the user from all assigned groups.

Answer 3 · 2022-09-29T19:56:24.000Z

As a workaround for now, comment out line 98 of /usr/share/centreon/src/Core/Security/Application/UseCase/LoginOpenIdSession/LoginOpenIdSession.php :

            $this->provider->setConfiguration($openIdProviderConfiguration);
            $this->provider->authenticateOrFail($request->authorizationCode, $request->clientIp);
            $user = $this->findUserOrFail();
            #$this->updateUserACL($user);
            $sessionUserInfos = [
                'contact_id' => $user->getId(),
                'contact_name' => $user->getName(),
                'contact_alias' => $user->getAlias(),
                'contact_email' => $user->getEmail(),

Note that this change likely won't persist next time you update Centreon, so this is just a temporary workaround.