HUE-8321 [oidc] Add implementation for creating a new user if not exist during login

Review Request #13100 - Created June 20, 2018 and submitted

Ying Chen
enricoberti, jgauthier, johan, ranade, romain, weixia
commit 899007e905ad2e76b9f7b58588e26f670a403dd0 (HEAD -> django-oidc-auth)
Author: Ying Chen <>
Date:   Wed Jun 20 16:36:26 2018 -0700

    HUE-8321 [oidc] Add implementation for creating a new user if not exist during login
      * override user lookup by username instead of email
      * allow to create as a superuser if it belongs to a superuser group
          1. add the name of Hue superuser group to superuser_group in hue.ini
          2. in Keycloak, go to your_realm --> your_clients --> Mappers, add a mapper
               Mapper Type: Group Membership (this is predefined mapper type)
               Token Claim Name: group_membership (required exact string)
      * allow not to create new user, and redirect to oidc failed page

:100644 100644 d29035ce40... 10681c867c... M    desktop/conf.dist/hue.ini
:100644 100644 738d3a2b31... e1212b14df... M    desktop/conf/pseudo-distributed.ini.tmpl
:100644 100644 6836c59416... 70a7614fb2... M    desktop/core/src/desktop/auth/
:100644 100644 91c706ee60... daeb3069d7... M    desktop/core/src/desktop/auth/
:100644 100644 5e05ad857d... a46371483a... M    desktop/core/src/desktop/
:100644 100644 dd870b4d6b... 5fe7ed1288... M    desktop/core/src/desktop/
:100644 100644 34b6ebe795... 19c08c0520... M    desktop/core/src/desktop/
:000000 100644 0000000000... c0f8534b82... A    desktop/core/src/desktop/templates/oidc_failed.mako
:100644 100644 c2a9b20414... 2919c1110d... M    desktop/core/src/desktop/

  1. Nice!

Review request changed

Status: Closed (submitted)