Bug #24230
Updated by Clark ANDRIANASOLO 9 months ago
Currently, enabling providers and allowing to override their role is done in the auth-backends plugin :
* for ldap, we parse the @rudder.auth.provider@ configuration property for an @ldap@ attribute, if found we always map its roles using the users XML file
* for oauth2 and oidc, we parse the @rudder.auth.provider@ configuration property for the respective attributes, if found we can :
* take the users XML file into account to add roles to provided users (default behavior)
* disallow extending user roles from the users XML file by providing a configuration value : @rudder.auth.oauth2.provider.{registration}.roles.override=true@, where @registration@ is priorly defined with a configuration property : @rudder.auth.oauth2.registrations@
We should have a way to know all declared providers in Rudder with properties that would be used across plugins (e.g. user-management) :
* what is the provider internal id ?
* is user role provisioning enabled by the provider ?
* if roles can be provisioned, does the provider extend roles or strictly override them ?