Dev, During testing integration with Keycloak, Eroma discovered several issues [1] [2] [3] [4] related to having a legacy username with mixed upper and lower case characters. WSO2 IS allowed users to have usernames with upper case characters. However, Keycloak lowercases the username when a user is created so all usernames in Keycloak are lowercase. This causes a problem when code compares a user’s logged in username with usernames in the Airavata database that have upper case characters. For example, the PGA when trying to determine if the logged in user can write to a project gets all of the accessible users and compares the logged in username against the list of accessible usernames.
After some thought I’ve come around to thinking that Keycloak lowercasing usernames is a good idea. It could cause confusion and potential security issues to allow users to have case-sensistive usernames. Two usernames could be identical except for case and it would be reasonable for users to assume that they represent the same user. So I think Airavata and specifically the User Profile service should adopt the same policy and lowercase usernames. For legacy data, to fix the issues Eroma encountered, we would need to do a one-time conversion of legacy usernames to lowercase. This would involve: * lowercasing all usernames in Airavata database. See [5] for list of tables that would be affected * lowercase the user directory names in gateway user storage on the PGA servers * likewise lowercase the user directory names in DATA_REPLICA_LOCATION I’m open to any feedback. Thanks, Marcus [1] https://issues.apache.org/jira/browse/AIRAVATA-2437 [2] https://issues.apache.org/jira/browse/AIRAVATA-2438 [3] https://issues.apache.org/jira/browse/AIRAVATA-2439 [4] https://issues.apache.org/jira/browse/AIRAVATA-2440 [5] https://issues.apache.org/jira/browse/AIRAVATA-2438?focusedCommentId=16049210&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16049210
