From 7492be9860af6b97efb4db70f20e3b9b8f63db2c Mon Sep 17 00:00:00 2001 From: Christophe Haen Date: Wed, 26 Jun 2024 14:43:23 +0200 Subject: [PATCH] sweep: #7691 feat (IAM): fetch nickname attribute from scim interface --- src/DIRAC/Core/Security/IAMService.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/DIRAC/Core/Security/IAMService.py b/src/DIRAC/Core/Security/IAMService.py index 9faad6b14bc..a7579bd28f7 100644 --- a/src/DIRAC/Core/Security/IAMService.py +++ b/src/DIRAC/Core/Security/IAMService.py @@ -87,9 +87,21 @@ def convert_iam_to_voms(iam_output): cert_dict = {} dn = convert_dn(cert["subjectDn"]) ca = convert_dn(cert["issuerDn"]) - cert_dict["CA"] = ca - cert_dict["nickname"] = iam_output["userName"] + + # The nickname is available in the list of attributes + # (if configured so) + # in the form {'name': 'nickname', 'value': 'chaen'} + # otherwise, we take the userName + try: + cert_dict["nickname"] = [ + attr["value"] + for attr in iam_output["urn:indigo-dc:scim:schemas:IndigoUser"]["attributes"] + if attr["name"] == "nickname" + ][0] + except (KeyError, IndexError): + cert_dict["nickname"] = iam_output["userName"] + # This is not correct, we take the overall status instead of the certificate one # however there are no known case of cert suspended while the user isn't cert_dict["certSuspended"] = not iam_output["active"]