For one of the users we received a name that looked like John Doe::${displayName}, which is likely an artifact of a misconfigured IdP. However, this had a knock-on effect of breaking the bastion client: its useradd ansible task uses name as part of the GECOS field, and this was not acceptable, probably due to the $ and maybe {} characters, so the user's bastion key was not installed.
We should sanitize name down to alphanumeric characters and whitespace when we insert it into the CoreAPI database. Maybe warn about it if unusual characters are found.
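One way to implement the sanitization proposed above, as an added example that is not CoreAPI code: the function name `sanitize_display_name`, the logger name and the `fallback` value are hypothetical. It goes one step beyond the proposal by dropping an unrendered `${...}` placeholder as a whole before filtering, so the placeholder's name is not left glued onto the user's name, and it assumes Unicode letters count as alphanumeric.

```python
import logging
import re
import unicodedata

log = logging.getLogger("name_sanitizer")  # hypothetical logger name

# Unrendered IdP template placeholder such as ${displayName}
PLACEHOLDER = re.compile(r"\$\{[^}]*\}")


def sanitize_display_name(raw, fallback="unknown"):
    """Return (clean_name, removed_chars); clean_name holds only
    alphanumeric characters and single spaces."""
    text = unicodedata.normalize("NFKC", raw or "")
    # Drop whole placeholders first; filtering character by character would
    # turn "Doe::${displayName}" into "DoedisplayName".
    text, n_placeholders = PLACEHOLDER.subn(" ", text)
    kept, removed = [], []
    for ch in text:
        if ch.isalnum():
            kept.append(ch)
        elif ch.isspace():
            kept.append(" ")    # tabs and newlines become plain spaces
        else:
            removed.append(ch)  # ':' (the passwd field separator), '$', '{', '}', ...
    clean = " ".join("".join(kept).split())  # collapse runs of spaces, trim ends
    if n_placeholders or removed:
        # %r escapes control characters, so the raw value cannot forge log lines
        log.warning("unusual characters in name %r: placeholders=%d removed=%r",
                    raw, n_placeholders, "".join(sorted(set(removed))))
    # An input that sanitizes to nothing gets the fallback instead of an empty name
    return (clean or fallback), "".join(removed)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed sample inputs; the first is the value reported above.
    for sample in ["John Doe::${displayName}", "Jane\tRoe\nroot:x:0", "${displayName}"]:
        print(repr(sample), "->", sanitize_display_name(sample))
```

Calling this at the point where the name is written to the database means every downstream consumer, including the useradd task, sees the cleaned value.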