Project

General

Profile

Actions

User story #24182

closed

Add a role mapping and filtering for OIDC provided roles

Added by François ARMAND 11 months ago. Updated 7 months ago.

Status:
Released
Priority:
N/A
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
To do
Fix check:
Checked
Regression:
No

Description

We would like to be able to restriect the list of role an IdP can address, and allow a mapping between the names used by the IdP and Rudder internal names.

The config and could look like:

rudder.auth.oauth2.provider.okta.roles.mapping.enforced=true
rudder.auth.oauth2.provider.okta.roles.mapping.entitlements.rudder_admin=administrator
rudder.auth.oauth2.provider.okta.roles.mapping.entitlements.rudder_readonly=readonly

(if enforced is true, we only are allowed to use the roles from entitlements, else entitlements are additionnal aliases)


Files

clipboard-202402091756-gk0bf.png (9.65 KB) clipboard-202402091756-gk0bf.png François ARMAND, 2024-02-09 17:56

Related issues 3 (0 open3 closed)

Related to Rudder - Architecture #24183: Add an Alias type of Role to track role mapping and IdP logoutReleasedClark ANDRIANASOLOActions
Related to Authentication backends - Bug #24325: Fix initialization of spring beans in auth-backendsResolvedFrançois ARMANDActions
Related to Authentication backends - Bug #24384: Documentation for OIDC properties is not up to dateReleasedNicolas CHARLESActions
Actions #1

Updated by François ARMAND 11 months ago

  • Status changed from New to In progress
  • Assignee set to François ARMAND
Actions #2

Updated by François ARMAND 11 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Clark ANDRIANASOLO
  • Pull Request set to https://github.com/Normation/rudder-plugins/pull/651
Actions #3

Updated by François ARMAND 11 months ago

  • Related to Architecture #24183: Add an Alias type of Role to track role mapping and IdP logout added
Actions #4

Updated by Anonymous 10 months ago

  • Status changed from Pending technical review to Pending release
Actions #6

Updated by François ARMAND 10 months ago

  • Target version changed from 1020 to 7.3.12-backport-24146
Actions #7

Updated by Clark ANDRIANASOLO 10 months ago

  • Related to Bug #24325: Fix initialization of spring beans in auth-backends added
Actions #8

Updated by François ARMAND 10 months ago

  • Related to Bug #24384: Documentation for OIDC properties is not up to date added
Actions #9

Updated by Vincent MEMBRÉ 9 months ago

  • Target version changed from 7.3.12-backport-24146 to 7.3
Actions #10

Updated by François ARMAND 8 months ago

  • Fix check changed from To do to Checked
Actions #11

Updated by Vincent MEMBRÉ 7 months ago

  • Status changed from Pending release to Released
Actions

Also available in: Atom PDF