Details
-
Bug
-
Resolution: Fixed
-
Major
-
7.6.0
-
Untriaged
-
0
-
Unknown
Description
If a user accesses the UI docs page with SAML authentication, a call memcached will be made with the "Impersonate User" frame extra, with the user specified as external.
If no other external auth is enabled (e.g. ldap, saslauthd), then external auth will not be enabled in memcached, as SAML auth is UI-only.
If memcached receives a call with an external user in the "Impersonate User" frame extra, while external auth is disabled, then it returns NOT_SUPPORTED, with error context "External authentication service not configured".
Since it is expected that SAML users may be impersonated in calls to memcached, these calls should be able to succeed.
For additional context, see this Slack thread.
Attachments
| For Gerrit Dashboard: MB-62419 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 211650,8 | MB-62419: Enable external auth when SAML is enabled | trinity | ns_server | Status: MERGED | +2 | +1 |
| 211781,2 | MB-62419: Enable external auth when SAML is enabled | master | ns_server | Status: ABANDONED | 0 | 0 |
| 212217,3 | MB-62419: [BP] Add Buckets requirement | trinity | ns_server | Status: MERGED | +2 | +1 |
| 212478,2 | Merge remote-tracking branch 'couchbase/trinity' | master | ns_server | Status: MERGED | +2 | +1 |