Rudder

Currently, enabling providers and allowing to override their role is done in the auth-backends plugin :

• for ldap, we parse the rudder.auth.provider configuration property for an ldap attribute, if found we always map its roles using the users XML file
• for oauth2 and oidc, we parse the rudder.auth.provider configuration property for the respective attributes, if found we can :
  1. take the users XML file into account to add roles to provided users (default behavior)
  2. enable role provisioning along user provisioning from the configuration value : rudder.auth.oauth2.provider.{registration}.roles.enable=true
  3. disallow extending user roles from the users XML file by providing a configuration value : rudder.auth.oauth2.provider.{registration}.roles.override=true, where registration is priorly defined with a configuration property : rudder.auth.oauth2.registrations

We should have an easier way than reading the configuration again to know all declared providers in Rudder with properties that would be used across plugins (e.g. user-management) :

• what is the provider internal id ?
• is user role provisioning enabled by the provider ?
• if roles can be provisioned, does the provider extend roles or strictly override them ?