Migration from LDAP to AAD - name is overwritten
Breee opened this issue
I am currently trying to migrate a user from LDAP to AAD.
I've created an app registration and enterprise application in Azure and connected it to sonar.
I'm using the proposed approach of sonar to migrate my user user1 and set the external identity to user1@organisation.com and the provider to aad:
curl -X POST -v -u $SONAR_TOKEN: "https://sonar.example.com/api/users/update_identity_provider?login=user1&newExternalIdentity=user1@organisation.com&newExternalProvider=aad"
It works fine, I'm logged in as the same user as with LDAP. However, there is one issue:
The name of the user is overwritten to user1@organisation.com
sonar=# select uuid,login,name,email,external_id,external_login,external_identity_provider from users where name ~ 'user1';
uuid | login | name | email | external_id | external_login | external_identity_provider
----------------------+-----------+---------------------+---------------------+---------------------+---------------------+----------------------------
xxxxxxxx | user1 | user1@organisation.com | user1@organisation.com | user1@organisation.com | user1@organisation.com | aad
Which claim has to be set to set the name?
I tried to add given_name and family_name in the Azure app registration under "token configuration", but that does not change the behaviour.
I'm especially confused because sonar's logs say the following:
2022.04.12 10:41:13 WARN web[AYAbhuNUiurDLZObAA5q][o.a.a.a.AadIdentityProvider] User's name not found from authentication token for user <USER_ID>
2022.04.12 10:41:14 DEBUG web[AYAbhuNUiurDLZObAA5q][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@1269c42f6 pairs:
{GET /v1.0/<TENANT>/users/<USER_ID>/transitiveMemberOf HTTP/1.1: null}
{Authorization: <TOKEN>} [....]
but the Token <TOKEN> used to fetch groups contains the fields name, given_name and family_name, which should be exactly what you are looking for in