Merge pull request #7700 from DIRACGridBot/cherry-pick-2-14a37c522-in…

…tegration [sweep:integration] feat (IAM): fetch nickname attribute from scim interface
DIRACGrid · Jun 27, 2024 · 6221c56 · 6221c56
2 parents 95bb0b1 + 7492be9
commit 6221c56
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/src/DIRAC/Core/Security/IAMService.py b/src/DIRAC/Core/Security/IAMService.py
@@ -87,9 +87,21 @@ def convert_iam_to_voms(iam_output):
             cert_dict = {}
             dn = convert_dn(cert["subjectDn"])
             ca = convert_dn(cert["issuerDn"])
-
             cert_dict["CA"] = ca
-            cert_dict["nickname"] = iam_output["userName"]
+
+            # The nickname is available in the list of attributes
+            # (if configured so)
+            # in the form {'name': 'nickname', 'value': 'chaen'}
+            # otherwise, we take the userName
+            try:
+                cert_dict["nickname"] = [
+                    attr["value"]
+                    for attr in iam_output["urn:indigo-dc:scim:schemas:IndigoUser"]["attributes"]
+                    if attr["name"] == "nickname"
+                ][0]
+            except (KeyError, IndexError):
+                cert_dict["nickname"] = iam_output["userName"]
+
             # This is not correct, we take the overall status instead of the certificate one
             # however there are no known case of cert suspended while the user isn't
             cert_dict["certSuspended"] = not iam_output["active"]