Reputation: 1894
Change the default group of a first time logged in oauth user in Openshift
Currently, if a user logs in via oauth to the Openshift cluster, they are automatically added to the system:authenticated:oauth group, I could now add/remove roles to this group to modify the default access rights.
Is there a way to change the default group the user gets assigned to?
I am using Openshift on version 4.1.
Upvotes: 0
Views: 370
Answers (1)
Reputation: 4693
Is there a way to change the default group the user gets assigned to?
Do you want to set the default authenticated group except system:authenticated:oauth ? If yes, then you can not change the group. Like system:authenticated:oauth, some groups are configured statically in the source code [0]. And the groups are binding to the users automatically. If you remove the group from user, then it will revert quickly by reconciliation tasks which force the desired group to assign.
[0] https://github.com/openshift/origin/blob/release-4.1/pkg/cmd/server/bootstrappolicy/constants.go#L36
// groups
const (
AuthenticatedGroup = "system:authenticated"
AuthenticatedOAuthGroup = "system:authenticated:oauth"
UnauthenticatedGroup = "system:unauthenticated"
ClusterAdminGroup = "system:cluster-admins"
...
Upvotes: 1
Related Questions
- How to set a default group on an Identity Provider in Keycloak
- How to change the route url of openshift oauth authentication?
- How to add user groups to ID token in Okta?
- Changing oc login password as a user
- OpenShift: how do I assign a password to user?
- Is there any way to list down the users in default groups in openshift?
- how to set default group for new user in django?
- Google oauth - Restrict sign-in to a particular google group
- auth0 - default group for user after registration
- How do I set a default group with django-authopenid?