Actions
User story #24182
open
Add a role mapping and filtering for OIDC provided roles
Effort required:
Name check:
To do
Fix check:
Checked
Regression:
No
Description
We would like to be able to restriect the list of role an IdP can address, and allow a mapping between the names used by the IdP and Rudder internal names.
The config and could look like:
rudder.auth.oauth2.provider.okta.roles.mapping.enforced=true rudder.auth.oauth2.provider.okta.roles.mapping.entitlements.rudder_admin=administrator rudder.auth.oauth2.provider.okta.roles.mapping.entitlements.rudder_readonly=readonly
(if enforced is true, we only are allowed to use the roles from entitlements, else entitlements are additionnal aliases)
Files
Updated by François ARMAND 3 months ago
- Status changed from New to In progress
- Assignee set to François ARMAND
Updated by François ARMAND 3 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Clark ANDRIANASOLO
- Pull Request set to https://github.com/Normation/rudder-plugins/pull/651
Updated by François ARMAND 3 months ago
- Related to Architecture #24183: Add an Alias type of Role to track role mapping and IdP logout added
Updated by Anonymous 2 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder:rudder-plugins|d1417c283c8cc9da693536665b2da8368268a042.
Updated by François ARMAND 2 months ago
Applied in changeset rudder:rudder-plugins|a86328520f648a23ab5a121f691e76d9707c4749.
Updated by François ARMAND 2 months ago
- Target version changed from 1020 to 7.3.12-backport-24146
Updated by Clark ANDRIANASOLO about 2 months ago
- Related to Bug #24325: Fix initialization of spring beans in auth-backends added
Updated by François ARMAND about 2 months ago
- Related to Bug #24384: Documentation for OIDC properties is not up to date added
Updated by Vincent MEMBRÉ 25 days ago
- Target version changed from 7.3.12-backport-24146 to 7.3
Actions