oC10 / oCIS parallel / migration deployment broke because of user authentication

[wkloucek]

Describe the bug

Users can't login to oCIS in the parallel deployment example since #2528, because the proxy no supports only lookups by username

ocis/proxy/pkg/user/backend/cs3.go

Lines 35 to 37 in 1ee4198

	if claim != "username" {
	return nil, "", fmt.Errorf("claim: %s not supported", claim)
	}

but the example deplyoment uses the userid

ocis/deployments/examples/oc10_ocis_parallel/docker-compose.yml

Lines 71 to 72 in 1ee4198

	PROXY_USER_OIDC_CLAIM: ocis.user.uuid # claim was added in Keycloak
	PROXY_USER_CS3_CLAIM: userid # equals STORAGE_LDAP_USER_SCHEMA_UID

Steps to reproduce

Steps to reproduce the behavior:

1. start the parallel deployment https://owncloud.dev/ocis/deployment/oc10_ocis_parallel/
2. switch user to oCIS

Expected behavior

User logs in fine

Actual behavior

User can not login

[ishank011]

@wkloucek we can get this working again by making the machine auth driver accept a claim:value input, such as username:alice. @gmgigi96 can you take this up?

[wkloucek]

The LDAP backend example is also broken because of the proxy not supporting lookups by mail.

{"level":"error","service":"proxy","error":"claim: mail not supported","time":"2021-10-14T14:15:58.601163178Z","message":"Could not get user by claim"}

[gmgigi96]

@wkloucek we can get this working again by making the machine auth driver accept a claim:value input, such as username:alice. @gmgigi96 can you take this up?

Yes, of course

[gmgigi96]

With cs3org/reva#2176, the machine auth accepts an optional claim

[wkloucek]

The parallel deployment is confirmed to be fixed.

Will check the CS3 users deployment example after #2643 is merged again, but I think it should be fine, too.

[wkloucek]

Fix confirmed 👍 The login is possible, #2646 still applies.