
Crowd connector does not return display name

Open ihulsbus opened this issue 3 years ago • 1 comments

Preflight Checklist

  • [X] I agree to follow the Code of Conduct that this project adheres to.
  • [X] I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • [X] I am not looking for support or already pursued the available support channels without success.

Version

2.33.0

Storage Type

SQLite

Installation Type

Official container image

Expected Behavior

Expected to get the user's display name after logging in via the Crowd connector in the name claim as also described in the "Custom Claims" documentation: https://dexidp.io/docs/custom-scopes-claims-clients/#custom-claims

Actual Behavior

Crowd connector returns the username instead of the display name in the name claim, e.g.: johndoe instead of John Doe

Steps To Reproduce

  1. Use official container
  2. Use latest Crowd release (5.0.2 at the time of writing)
  3. Create Crowd connection and static client
  4. Login
  5. Check the /userinfo endpoint.
  6. User claim shows username in the name claim instead of the display name

Additional Information

Got:

{
    "iss": "https://localhost:5556",
    "sub": "<hash>",
    "aud": "testclient",
    "exp": 1661942538,
    "iat": 1661856138,
    "at_hash": "<hash>",
    "email": "[email protected]",
    "email_verified": true,
    "groups": [
        "group"
    ],
    "name": "johndoe",
    "preferred_username": "johndoe"
}

Expected:

{
    "iss": "https://localhost:5556",
    "sub": "<hash>",
    "aud": "testclient",
    "exp": 1661942538,
    "iat": 1661856138,
    "at_hash": "<hash>",
    "email": "[email protected]",
    "email_verified": true,
    "groups": [
        "group"
    ],
    "name": "John Doe",
    "preferred_username": "johndoe"
}

Configuration

issuer: https://localhost:5556
storage:
  type: sqlite3
  config:
    file: dex.db
web:
  http: 0.0.0.0:5556
telemetry:
  http: 0.0.0.0:5558
expiry:
  signingKeys: "6h"
  idTokens: "24h"
oauth2:
    skipApprovalScreen: true
    alwaysShowLoginScreen: false
staticClients:
- id: testclient
  redirectURIs:
  - 'http://localhost:8000/oidc/callback'
  name: 'TestClient'
  public: False
  secret: '<redacted>'
connectors:
- type: atlassian-crowd
  id: crowd
  name: Crowd
  config:
    baseURL: https://<baseurl>/crowd
    clientID: <client>
    clientSecret: <secret>
    usernamePrompt: username
    preferredUsernameField: name

Logs

Not relevant

ihulsbus avatar Aug 30 '22 10:08 ihulsbus

The correct attribute is display-name rather than name (documentation):

$ curl -q -u application:password -H 'Accept: application/json' https://crowd.example.com/crowd/rest/usermanagement/1/user\?username\=johnsmith | jq
{
  "expand": "attributes",
  "link": { ... },
  "name": "johnsmith",
  "password": { ... },
  "key": ...,
  "active": true,
  "attributes": { ... },
  "first-name": "John",
  "last-name": "Smith",
  "display-name": "John Smith",
  "email": "[email protected]",
  "created-date": 1575417360000,
  "updated-date": 1662012304000
}

https://github.com/dexidp/dex/blob/221ff841bc1113b51af1e7c4ed410a76d31f73a7/connector/atlassiancrowd/atlassiancrowd.go#L56-L61

xeals avatar Sep 02 '22 02:09 xeals
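
The mapping discussed in this thread, as an added Go example that is not Dex's connector code and not part of either post: an untagged `Name` field decodes Crowd's `name` key (the login name), while explicit tags keep `name` and `display-name` apart. The struct names, the `mapClaims` helper and the fallback to the username when no display name is returned are assumptions for illustration; the sample JSON is constructed from the fields shown in the comment above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample: a subset of the fields in the Crowd response shown above.
const sampleUser = `{"name": "johnsmith", "active": true,
  "first-name": "John", "last-name": "Smith", "display-name": "John Smith"}`

// untaggedUser (hypothetical): without a struct tag, encoding/json matches the
// field Name to the JSON key "name", which in Crowd is the login name.
type untaggedUser struct{ Name string }

// taggedUser (hypothetical): explicit tags separate login name and display name.
type taggedUser struct {
	Username    string `json:"name"`
	DisplayName string `json:"display-name"`
}

// claims holds the two OIDC claims compared in the issue.
type claims struct{ Name, PreferredUsername string }

// nameFromUntagged returns what ends up in Name when no tag is present.
func nameFromUntagged(raw string) (string, error) {
	var u untaggedUser
	err := json.Unmarshal([]byte(raw), &u)
	return u.Name, err
}

// mapClaims puts the display name in the name claim and the login name in
// preferred_username. Assumption: fall back to the login name if Crowd
// returned no display name, so the name claim is never empty.
func mapClaims(raw string) (claims, error) {
	var u taggedUser
	if err := json.Unmarshal([]byte(raw), &u); err != nil {
		return claims{}, err
	}
	c := claims{Name: u.DisplayName, PreferredUsername: u.Username}
	if c.Name == "" {
		c.Name = u.Username
	}
	return c, nil
}

func main() {
	n, _ := nameFromUntagged(sampleUser)
	c, _ := mapClaims(sampleUser)
	fmt.Printf("untagged Name=%q; name=%q preferred_username=%q\n", n, c.Name, c.PreferredUsername)
}
```
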