Project

General

Profile

Actions
Copy link

User story #24182

closed

Add a role mapping and filtering for OIDC provided roles

Added by François ARMAND 10 months ago. Updated 6 months ago.

Status:
Released
Priority:
N/A
Assignee:
Clark ANDRIANASOLO
Target version:
Rudder plugins - 7.3
Pull Request:
https://github.com/Normation/rudder-p...
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
To do
Fix check:
Checked
Regression:
No

Description

We would like to be able to restriect the list of role an IdP can address, and allow a mapping between the names used by the IdP and Rudder internal names.

The config and could look like:

rudder.auth.oauth2.provider.okta.roles.mapping.enforced=true
rudder.auth.oauth2.provider.okta.roles.mapping.entitlements.rudder_admin=administrator
rudder.auth.oauth2.provider.okta.roles.mapping.entitlements.rudder_readonly=readonly

(if enforced is true, we only are allowed to use the roles from entitlements, else entitlements are additionnal aliases)

Files

clipboard-202402091756-gk0bf.png (9.65 KB) clipboard-202402091756-gk0bf.png François ARMAND, 2024-02-09 17:56

Related issues 3 (0 open3 closed)

Related to Rudder - Architecture #24183: Add an Alias type of Role to track role mapping and IdP logoutReleasedClark ANDRIANASOLOActions
Related to Authentication backends - Bug #24325: Fix initialization of spring beans in auth-backendsResolvedFrançois ARMANDActions
Related to Authentication backends - Bug #24384: Documentation for OIDC properties is not up to dateReleasedNicolas CHARLESActions
Actions
Copy link

Also available in: Atom PDF