Hi Marcus,

Interesting problem. Your conclusion seems to be the right approach.

+1 for fixing the legacy data and also for employing lowercasing all the tables you identified.

Suresh

> On Jun 14, 2017, at 10:14 AM, Christie, Marcus Aaron <[email protected]> wrote:
>
> Dev,
>
> During testing integration with Keycloak, Eroma discovered several issues [1]
> [2] [3] [4] related to having a legacy username with mixed upper and lower
> case characters. WSO2 IS allowed users to have usernames with upper case
> characters. However, Keycloak lowercases the username when a user is created
> so all usernames in Keycloak are lowercase. This causes a problem when code
> compares a user’s logged in username with usernames in the Airavata database
> that have upper case characters. For example, the PGA when trying to
> determine if the logged in user can write to a project gets all of the
> accessible users and compares the logged in username against the list of
> accessible usernames.
>
> After some thought I’ve come around to thinking that Keycloak lowercasing
> usernames is a good idea. It could cause confusion and potential security
> issues to allow users to have case-sensitive usernames. Two usernames could
> be identical except for case and it would be reasonable for users to assume
> that they represent the same user.
>
> So I think Airavata and specifically the User Profile service should adopt
> the same policy and lowercase usernames.
>
> For legacy data, to fix the issues Eroma encountered, we would need to do a
> one-time conversion of legacy usernames to lowercase. This would involve:
> * lowercasing all usernames in Airavata database. See [5] for list of tables
>   that would be affected
> * lowercase the user directory names in gateway user storage on the PGA
>   servers
> * likewise lowercase the user directory names in DATA_REPLICA_LOCATION
>
> I’m open to any feedback.
>
> Thanks,
>
> Marcus
>
> [1] https://issues.apache.org/jira/browse/AIRAVATA-2437
> [2] https://issues.apache.org/jira/browse/AIRAVATA-2438
> [3] https://issues.apache.org/jira/browse/AIRAVATA-2439
> [4] https://issues.apache.org/jira/browse/AIRAVATA-2440
> [5] https://issues.apache.org/jira/browse/AIRAVATA-2438?focusedCommentId=16049210&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16049210
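
A pre-flight check for the one-time conversion described in the quoted message, as an added example that is not part of the original thread or Airavata's code: it finds legacy usernames that would collide once lowercased, before any table or directory is touched. The usernames, the storage root and the function names are constructed for illustration, and `str.lower()` is assumed to match the identity provider's normalization.

```python
from collections import defaultdict
from pathlib import PurePosixPath


def plan_lowercase_migration(usernames):
    """Return (renames, collisions) for lowercasing a set of legacy usernames.

    renames:    {old: new} for names that change and map to a unique target.
    collisions: {lowercased: [originals]} where two or more distinct legacy
                names collapse to one. These need manual resolution, because
                merging them would give one user access to another's data.
    """
    groups = defaultdict(list)
    for name in sorted(set(usernames)):
        # Assumption: str.lower() matches the identity provider's lowercasing.
        groups[name.lower()].append(name)

    renames, collisions = {}, {}
    for target, originals in groups.items():
        if len(originals) > 1:
            collisions[target] = originals
        elif originals[0] != target:
            renames[originals[0]] = target
    return renames, collisions


def plan_directory_renames(storage_root, renames):
    """Map each per-user directory under storage_root to its lowercase path."""
    root = PurePosixPath(storage_root)
    return [(str(root / old), str(root / new))
            for old, new in sorted(renames.items())]


if __name__ == "__main__":
    # Constructed sample data; the storage root is a hypothetical path.
    legacy = ["JSmith", "jsmith", "Alice", "bob", "CarolD"]
    renames, collisions = plan_lowercase_migration(legacy)
    print("safe renames:", renames)
    print("needs manual review:", collisions)
    for src, dst in plan_directory_renames("/var/gateway-user-data", renames):
        print(f"rename {src} -> {dst}")
```

Running the same plan against every affected table and both storage locations keeps database rows and directory names consistent, and any entry in `collisions` should block the migration until an owner is assigned.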
