Rewrite account name in a credentialstore plugin

Hi,

We are trying to rewrite the account name that are used when logging in to a server, as we are planning to implement SRA and prefer personal user accounts.

When a user is requesting a root account we have crated a aa plugin that looks for a requestable account named *-rw, which are the admin accounts we are using in SPP.

The aa plugin does its job and it looks good.

We are then setting self.session_cookie['server_username'], and self.session_cookie['account']. Those are transferd to the credential store plugin, but it seems it does not use them.

 

In the credentialstore plugin we added a function called _generate_accounts, and yeild the desired account. 

In the logs we see that the plugin is able to fetch the correct password for the account: 

**Found passwords for account=role-t-app-rw** asst=assetname** 

But we do get a ZV_REJECT in the next line where it informs that the remote_username is blank

If I send in the correct accountname from SRA, the login works perfectly, so I'm guessing that there must be some other cookie that need to be changed. 

Are there a secret function or cookie that need to be updated ? 

SPS version : 8.0

SPP  versiion: 8.0

/Ragnar Hongset