Requiring case-insensitive usernames might make it a bit more difficult for existing systems with case-sensitive usernames. For example, I think jupyterhub servers can be set up to use unix usernames, which would be case-sensitive.
On Wed, Jun 14, 2017 at 10:18:52AM -0400, Suresh Marru wrote: > Hi Marcus, > > Interesting problem. Your conclusion seems to be the right approach. > > + 1 for fixing the legacy data and also for employing lowercasing all the > tables you identified. > > Suresh > > > On Jun 14, 2017, at 10:14 AM, Christie, Marcus Aaron <machr...@iu.edu> > > wrote: > > > > Dev, > > > > During testing integration with Keycloak, Eroma discovered several issues > > [1] [2] [3] [4] related to having a legacy username with mixed upper and > > lower case characters. WSO2 IS allowed users to have usernames with upper > > case characters. However, Keycloak lowercases the username when a user is > > created so all usernames in Keycloak are lowercase. This causes a problem > > when code compares a user’s logged in username with usernames in the > > Airavata database that have upper case characters. For example, the PGA > > when trying to determine if the logged in user can write to a project gets > > all of the accessible users and compares the logged in username against the > > list of accessible usernames. > > > > After some thought I’ve come around to thinking that Keycloak lowercasing > > usernames is a good idea. It could cause confusion and potential security > > issues to allow users to have case-sensistive usernames. Two usernames > > could be identical except for case and it would be reasonable for users to > > assume that they represent the same user. > > > > So I think Airavata and specifically the User Profile service should adopt > > the same policy and lowercase usernames. > > > > For legacy data, to fix the issues Eroma encountered, we would need to do a > > one-time conversion of legacy usernames to lowercase. This would involve: > > * lowercasing all usernames in Airavata database. See [5] for list of > > tables that would be affected > > * lowercase the user directory names in gateway user storage on the PGA > > servers > > * likewise lowercase the user directory names in DATA_REPLICA_LOCATION > > > > I’m open to any feedback. > > > > Thanks, > > > > Marcus > > > > [1] https://issues.apache.org/jira/browse/AIRAVATA-2437 > > <https://issues.apache.org/jira/browse/AIRAVATA-2437> > > [2] https://issues.apache.org/jira/browse/AIRAVATA-2438 > > <https://issues.apache.org/jira/browse/AIRAVATA-2438> > > [3] https://issues.apache.org/jira/browse/AIRAVATA-2439 > > <https://issues.apache.org/jira/browse/AIRAVATA-2439> > > [4] https://issues.apache.org/jira/browse/AIRAVATA-2440 > > <https://issues.apache.org/jira/browse/AIRAVATA-2440> > > [5] > > https://issues.apache.org/jira/browse/AIRAVATA-2438?focusedCommentId=16049210&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16049210 > > > > <https://issues.apache.org/jira/browse/AIRAVATA-2438?focusedCommentId=16049210&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16049210> > > > > >
