From: Pritha Srivastava <prsrivas@redhat.com>
Date: Wed, 5 Aug 2020 05:57:59 +0000 (+0530)
Subject: rgw/sts: adding documentation for a shadow user created for
X-Git-Tag: v16.1.0~1085^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F36255%2Fhead;p=ceph.git

rgw/sts: adding documentation for a shadow user created for
a user that authenticates with oidc provider.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
---

diff --git a/doc/radosgw/STS.rst b/doc/radosgw/STS.rst
index 6e2dfe119aef..d843ea5d37c1 100644
--- a/doc/radosgw/STS.rst
+++ b/doc/radosgw/STS.rst
@@ -71,6 +71,10 @@ is of the form::
 
 The app_id in the condition above must match the 'aud' field of the incoming token.
 
+A shadow user is created corresponding to every federated user. The user id is derived from the 'sub' field of the incoming web token.
+The user is created in a separate namespace - 'oidc' such that the user id doesn't clash with any other user ids in rgw. The format of the user id
+is - <tenant>$<user-namespace>$<sub> where user-namespace is 'oidc' for users that authenticate with oidc providers.
+
 STS Configuration
 =================