Project

General

Profile

Actions

Bug #24230

closed

User management - Bug #24219: Display user detail using information from database

Authentication providers and role mapping settings should be exposed

Added by Clark ANDRIANASOLO 9 months ago. Updated 9 months ago.

Status:
Released
Priority:
N/A
Category:
API
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

Currently, enabling providers and allowing to override their role is done in the auth-backends plugin :
  • for ldap, we parse the rudder.auth.provider configuration property for an ldap attribute, if found we always map its roles using the users XML file
  • for oauth2 and oidc, we parse the rudder.auth.provider configuration property for the respective attributes, if found we can :
    1. take the users XML file into account to add roles to provided users (default behavior)
    2. enable role provisioning along user provisioning from the configuration value : rudder.auth.oauth2.provider.{registration}.roles.enable=true
    3. disallow extending user roles from the users XML file by providing a configuration value : rudder.auth.oauth2.provider.{registration}.roles.override=true, where registration is priorly defined with a configuration property : rudder.auth.oauth2.registrations
We should have an easier way than reading the configuration again to know all declared providers in Rudder with properties that would be used across plugins (e.g. user-management) :
  • what is the provider internal id ?
  • is user role provisioning enabled by the provider ?
  • if roles can be provisioned, does the provider extend roles or strictly override them ?

Related issues 2 (0 open2 closed)

Related to Authentication backends - User story #22738: OIDC provided custom role listReleasedVincent MEMBRÉActions
Related to Authentication backends - Bug #23254: User management plugin incorrectly understands OIDC rolesReleasedVincent MEMBRÉActions
Actions #1

Updated by Clark ANDRIANASOLO 9 months ago

Actions #2

Updated by Clark ANDRIANASOLO 9 months ago

  • Related to Bug #23254: User management plugin incorrectly understands OIDC roles added
Actions #3

Updated by Clark ANDRIANASOLO 9 months ago

  • Description updated (diff)
Actions #4

Updated by Clark ANDRIANASOLO 9 months ago

  • Description updated (diff)
Actions #5

Updated by Clark ANDRIANASOLO 9 months ago

  • Description updated (diff)
Actions #6

Updated by Clark ANDRIANASOLO 9 months ago

  • Subject changed from Authentication providers and role mapping should be statically known to Authentication providers and role mapping settings should be exposed
  • Description updated (diff)
Actions #7

Updated by Clark ANDRIANASOLO 9 months ago

  • Status changed from New to In progress
Actions #8

Updated by Clark ANDRIANASOLO 9 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Clark ANDRIANASOLO to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/5408
Actions #9

Updated by Vincent MEMBRÉ 9 months ago

  • Target version changed from 7.3.12 to 7.3.13
Actions #10

Updated by Clark ANDRIANASOLO 9 months ago

  • Status changed from Pending technical review to Pending release
Actions #19

Updated by Anonymous 9 months ago

Actions #20

Updated by Vincent MEMBRÉ 9 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 7.3.13 which was released today.

Actions

Also available in: Atom PDF