Project

General

Profile

Actions
Copy link

User story #24182

closed

Add a role mapping and filtering for OIDC provided roles

Added by François ARMAND 10 months ago. Updated 6 months ago.

Status:
Released
Priority:
N/A
Assignee:
Clark ANDRIANASOLO
Target version:
Rudder plugins - 7.3
Pull Request:
https://github.com/Normation/rudder-p...
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
To do
Fix check:
Checked
Regression:
No

Description

We would like to be able to restriect the list of role an IdP can address, and allow a mapping between the names used by the IdP and Rudder internal names.

The config and could look like:

rudder.auth.oauth2.provider.okta.roles.mapping.enforced=true
rudder.auth.oauth2.provider.okta.roles.mapping.entitlements.rudder_admin=administrator
rudder.auth.oauth2.provider.okta.roles.mapping.entitlements.rudder_readonly=readonly

(if enforced is true, we only are allowed to use the roles from entitlements, else entitlements are additionnal aliases)

Files

clipboard-202402091756-gk0bf.png (9.65 KB) clipboard-202402091756-gk0bf.png François ARMAND, 2024-02-09 17:56

Related issues 3 (0 open3 closed)

Related to Rudder - Architecture #24183: Add an Alias type of Role to track role mapping and IdP logoutReleasedClark ANDRIANASOLOActions
Related to Authentication backends - Bug #24325: Fix initialization of spring beans in auth-backendsResolvedFrançois ARMANDActions
Related to Authentication backends - Bug #24384: Documentation for OIDC properties is not up to dateReleasedNicolas CHARLESActions
Actions
Copy link
 #1

Updated by François ARMAND 10 months ago

  • Status changed from New to In progress
  • Assignee set to François ARMAND
Actions
Copy link
 #2

Updated by François ARMAND 10 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Clark ANDRIANASOLO
  • Pull Request set to https://github.com/Normation/rudder-plugins/pull/651
Actions
Copy link
 #3

Updated by François ARMAND 10 months ago

  • Related to Architecture #24183: Add an Alias type of Role to track role mapping and IdP logout added
Actions
Copy link
 #4

Updated by Anonymous 9 months ago

  • Status changed from Pending technical review to Pending release
Actions
Copy link
 #6

Updated by François ARMAND 9 months ago

  • Target version changed from 1020 to 7.3.12-backport-24146
Actions
Copy link
 #7

Updated by Clark ANDRIANASOLO 9 months ago

  • Related to Bug #24325: Fix initialization of spring beans in auth-backends added
Actions
Copy link
 #8

Updated by François ARMAND 9 months ago

  • Related to Bug #24384: Documentation for OIDC properties is not up to date added
Actions
Copy link
 #9

Updated by Vincent MEMBRÉ 8 months ago

  • Target version changed from 7.3.12-backport-24146 to 7.3
Actions
Copy link
 #10

Updated by François ARMAND 7 months ago

  • Fix check changed from To do to Checked
Actions
Copy link
 #11

Updated by Vincent MEMBRÉ 6 months ago

  • Status changed from Pending release to Released
Actions
Copy link

Also available in: Atom PDF