id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
25042	When user is authenticated using external (REMOTE_USER) authentication, their attributes should get updated if the external environment provides the data	Jan Pazdziora	nobody	"When external authentication is used, the traditional result is the username, passed to application via REMOTE_USER or similar mechanism.

With user identities being primarily managed outside of applications' user databases, user records in applications' databases (that need to be created so that foreign keys have parents) will increasingly be created during the first successful login. While the username might be enough for some applications, some might want the full set of attributes including the name and email address to get filled based on the data from the external identity/authentication source.

Since {{{AbstractUser}}} defines {{{first_name}}}, {{{last_name}}}, and {{{email}}}, I propose these attributes to be populated upon successful external authentication. The source of this data could be {{{REMOTE_USER_FIRSTNAME}}}, {{{REMOTE_USER_LASTNAME}}}, and {{{REMOTE_USER_EMAIL}}} based on the proposal at http://www.freeipa.org/page/Environment_Variables#Proposed_Additional_Variables.

With mod_auth_mellon 0.10.10 (for SAML), the configuration to populate these variables is

{{{
MellonSetEnvNoPrefix REMOTE_USER_FIRSTNAME givenname
MellonSetEnvNoPrefix REMOTE_USER_LASTNAME fullname
MellonSetEnvNoPrefix REMOTE_USER_EMAIL email
}}}

With mod_lookup_identity, the configuration would typically be

{{{
LookupUserAttr givenname REMOTE_USER_FIRSTNAME
LookupUserAttr sn REMOTE_USER_LASTNAME
LookupUserAttr mail REMOTE_USER_EMAIL
}}}"	New feature	closed	contrib.auth	dev	Normal	wontfix			Unreviewed	0	0	0	0	0	0