User without any Auth Source


I was looking into the code for external users and users in general. I saw a few test cases in which no auth source was assigned to a user and the user is created. Is this intended in any way?

I am not sure about the history about auth sources. I have tried to create a user and every time I do so an auth source is assigned to a user. To re-frame my question: is there a way for a user to login without an auth source assigned to it?


The history is simple - back in the days internal user was the only supported one. Then we added LDAP and we needed a flag to differentiate between two types I think. Correct me if I am wrong @Marek_Hulan

Blank auth source should be disallowed I think in model.


I agree, thanks for the insight. Can you also through some light on the setting Authorize login delegation

Looking at the test cases:

context 'authorize_login_delegation = true' do
    setup do
      @host = Host.first
      Setting[:authorize_login_delegation] = true
      Setting[:authorize_login_delegation_api] = false
      set_remote_user_to users(:admin)
      User.current = nil # User.current is admin at this point (from initialize_host)

    test "REMOTE_USER should be ignored for API requests" do
      get :show, params: {:id => @host.to_param, :format => 'json'}
      assert_response 401

    test "REMOTE_USER should be trusted for UI requests" do
      get :show, params: {:id => @host.to_param}
      assert_response :success

I am not sure why would one need to use this setting? Is there anything specific from the the external users point of view?

Not sure about this one but I drilled down to Feature #1300: Foreman should support HTTP Authentification - Foreman

1 Like

This setting completely turn Apache SSO authentication on or off.