Users misconfigured in CAS (don't see private Targets)
Opened this issue · 6 comments
Users are not seeing the MVMMpro target, which is associated with the Project/Proposal lb32627-2. There is a suspicion that this could be caused by the proposal cache in the security module. When the proposal is added to PUBLIC_TAS the target is visible - that illustrates the filtering is working and it may be caused by the cache.
We need to add debug here to expose the problem.
@tdudgeon suspects that the problem is that Jenke's account is using his email address and not FedID. If so, the action will be to delete the keycloak entry and re-create one with the FedID.
Potentially, Jenke may be able to login to CAS with his fedID / password combo, but the true fix would need to come from Diamond.
@mwinokan to get the info from @alanbchristie and start an IT ticket
It is clear from the ISPyB log in the stack that the username jscheen was being used. There is a Keycloak user identity for this username (ID ff0765f8-c980-4f05-93c0-b1ecebf9544b).
Today's CAS "outage"/issues prevent any investigation on this.
@alanbchristie please summarise what I should put in the ticket to IT
I think at this stage it is not clear that the target issue is related to CAS. I think this may be "human error" or a poorly configured keycloak. I think at this stage I need to (working with Jenke specifically): -
- Remove his entry from keycloak
- Get him to re-login using CAS
Hopefully this will result in his Fragalysis username being his CAS username
Having now removed Jenke's "erroneous" Keycloak record, and having logged in again (via CAS) he can now see the targets he expects to see. So this problem is fixed (but deleting the faulty user records in keycloak).