Closed UnicornChance closed 6 days ago
Issue 1: not sure what to do here considering this is an expected outcome of current implementation. Upon clicking the continue button the user attribute is created linking the x509 cert to the user in the usercertificate attribute. So the first time the login-x509-info page is shown the user won't have the correct attributes for populating this field. Maybe change the message to be something more helpful or remove it altogether?
Issue 2: no progress, need to change the info being extracted from x509 to get the CN instead of the UPN
Issue 3: Adding the login-reset-password.ftl theme file so that we can control the autofill functionality that comes default with the Keycloak theme
Issue 4: Do we have an email we want to substitute here? Or should we just remove that portion of the message and inform users to contact their admins?
The CN displayed for 4 is good and is actually the text we probably want to see everywhere.
For issue 2, we intentionally extract the UPN to store into the database during registration. Please don't change that.
However, it probably makes sense to display the CN to the user instead of the UPN. Possibly just update the code to extract both the CN and UPN.
re: "make login help message configurable": unfortunately this is defined in the messages_en.properties file, which is not configurable in the sense of env vars or something else. A couple of solutions could be implementing the .ftl file that this actually lives in and controlling it from there with an env variable, or just documenting how to supply different messages_en.properties files.
My thought is to write up an issue to address this, remove the reference to the dsop email, and come back to it later.
https://github.com/defenseunicorns/uds-identity-config/issues/132
First Issue:
Occasionally when using a CAC, the pop-up that displays user info from the CAC is an empty string.
Steps to reproduce
Expected result
Should always show the user's info instead of "No Certificate"
Additional Context
After initial login the attribute hasn't been added to the user yet and so it shows "No Certificate"; however, if you log out and back in it shows correctly.
Second issue:
Another issue is that the registration CAC flow shows an email that doesn't mean anything to humans. Should look into extracting different user data from the CAC in the theme, registry.ftl cacIdentity field.
Third issue:
With CAC present and forgot password, the email is autofilled to be something from the CAC that isn't relevant and should be the user's email if autofilled, although we probably don't have that so nothing should be autofilled.
Fourth issue:
Password reset page shows help@dsop.mil
Completion
Have @bburky review code changes.