Do not allow users to change username when logging for the first time
See original GitHub issueIs your enhancement related to a problem? Please describe.
We have a Che operator 7.14.2 installed an OCP cluster with the following configuration:
auth:
externalIdentityProvider: false
openShiftoAuth: true
server:
customCheProperties:
CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT: <username>-code
allowUserDefinedWorkspaceNamespaces: false
Each user has <openshift-username>-code
namespace pre-created.
When a user is trying to login into Che Dashboard the very first time Che’s Keycloak shows the following form:
And now if the user edit the username and use another username (not OpenShift username) then he won’t be able to start a workspace because Che tries to use not-existing namespace to create a workspace: <che-username>-code
instead of `<openshift-username>-code.
Describe the solution you’d like
Ideally, user should not be asked to re-enter username, email, names when loging to Che at all. Che just should use the user from OpenShift. Email and Name is not available in OpenShift, but why Che needs them? If it needs them for Git commits or something then it should ask it when/if actually needed. Not in advance.
But at least we should have an option to forbid users to change usernames during Che login because it breaks users.
Issue Analytics
- State:
- Created 3 years ago
- Comments:28 (24 by maintainers)
Top GitHub Comments
@ibuziuk I see. We can improve it. I will plan for the next sprint.
@ibuziuk By default 7.19.0 adds check if username complies DNS naming convention. If you would like make username uneditable then you have to login into keycloak and change login theme to
che-username-readonly