Automatically link the superuser account to federated service for auth

When the user commits the configuration, if they have chosen a non-DB auth system, we now auto-link the superuser account to that auth system, to ensure they can login again after restart.

data/users/__init__.py

@@ -15,6 +15,19 @@ from util.aes import AESCipher
 
 logger = logging.getLogger(__name__)
 
+def get_federated_service_name(authentication_type):
+  if authentication_type == 'LDAP':
+    return 'ldap'
+
+  if authentication_type == 'JWT':
+    return 'jwtauthn'
+
+  if authentication_type == 'Keystone':
+    return 'keystone'
+
+  raise Exception('Unknown auth type: %s' % authentication_type)
+
+
 class UserAuthentication(object):
   def __init__(self, app=None, override_config_dir=None):
     self.app_secret_key = None
@@ -45,8 +58,8 @@ class UserAuthentication(object):
       verify_url = app.config.get('JWT_VERIFY_ENDPOINT')
       issuer = app.config.get('JWT_AUTH_ISSUER')
       max_fresh_s = app.config.get('JWT_AUTH_MAX_FRESH_S', 300)
-      users = ExternalJWTAuthN(verify_url, issuer, override_config_dir, max_fresh_s,
-                               app.config['HTTPCLIENT'])
+      users = ExternalJWTAuthN(verify_url, issuer, override_config_dir,
+                               app.config['HTTPCLIENT'], max_fresh_s)
     elif authentication_type == 'Keystone':
       auth_url = app.config.get('KEYSTONE_AUTH_URL')
       keystone_admin_username = app.config.get('KEYSTONE_ADMIN_USERNAME')