Open marcocaberletti opened 3 months ago
We can try to extract the user name from the token but that's it. We do it for the service account token. It would need to be some kind of standardized way though, either via commonly known claims or something else that is embedded inside the token. We definitely won't do that for anything custom.
https://github.com/kubernetes/dashboard/blob/master/modules/auth/pkg/routes/me/me.go
I guess name
, email
, iss
and maybe groups
are standard claims.
I think they can be enough.
@floreks I see the same behavior with User impersonation. Pre 7.0.0 (https://github.com/kubernetes/dashboard/releases/tag/kubernetes-dashboard-7.0.0) version, this was not the case. Do you want me to open separate issue for it or track it as part of this ?
Respecting impersonation header username will be a part of this. It is indeed ignored right now.
What would you like to be added?
Hi, I've done the following setup:
The authentication flow works as expected: the IDP issues tokens with the
groups
claim, groups are mapped inaws-auth
ConfigMap, I can login in the dashboard and operate.The question is the following: if a user is member of multiple groups in the IDP, how can I see the user details? How can I understand to which group is mapped?
From the dashboard, the only thing I can see is the following:
Is it possible add some user details in the dropdown?
Thanks
Why is this needed?
Better visibility about the logged user