You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Before {PlatformNameShort} {PlatformVers}, *System Auditor* rights were revoked when logging in using Single Sign-On (SSO).
60
+
The user system auditor role was reset at login for SAML users when added in the {PlatformNameShort} user interface.
61
+
62
+
In {PlatformNameShort} {PlatformVers}, you can set a new special user flag to not remove system auditors when logging in, if you added the role in the user interface.
63
+
64
+
To enable this functionality:
65
+
66
+
. From the navigation panel, select {MenuAEAdminSettings}.
67
+
. Select *SAML settings* from the list of *Authentication* options.
68
+
. Click btn:[Edit] and update the *SAML Organization Attribute Mapping* to `{"remove_auditors": false}`.
69
+
+
70
+
.Example
71
+
+
72
+
[literal, options="nowrap" subs="+attributes"]
73
+
+
74
+
----
75
+
{ "remove": true, "remove_admins": false,
76
+
"remove_auditors": false, "saml_admin_attr":
77
+
"admin-of", "saml_attr": "organizations" }
78
+
----
79
+
80
+
.Verification
81
+
82
+
. Enable debugging in {ControllerName}.
83
+
** From the navigation panel, select {MenuAEAdminSettings}.
84
+
** Select *Logging settings* from the list of *System* options.
85
+
** Click btn:[Edit] and select *Debug* in the *Logging Aggregator Level Threshold* drop-down menu.
86
+
. Use SSO to log in to an account with *System Auditor* privileges.
87
+
. Verify the results in `/var/log/tower/tower.log`.
88
+
Or if you are running {PlatformNameShort} on {OCPShort}, review the web pod logs and look for the following, which occurs when a system auditor logs in, whose role was removed when logging in:
0 commit comments