Bug #24230

Updated by Clark ANDRIANASOLO 3 months ago

Currently, enabling providers and allowing their roles to be overridden is done in the auth-backends plugin:
 * for ldap, we parse the @rudder.auth.provider@ configuration property for an @ldap@ attribute; if found, we always map its roles using the users XML file
 * for oauth2 and oidc, we parse the @rudder.auth.provider@ configuration property for the respective attributes; if found, we can:
    1. take the users XML file into account to add roles to provided users (default behavior)
    2. enable role provisioning along with user provisioning from the configuration value: @rudder.auth.oauth2.provider.{registration}.roles.enable=true@
    3. disallow extending user roles from the users XML file by providing a configuration value: @rudder.auth.oauth2.provider.{registration}.roles.override=true@, where @registration@ is previously defined with a configuration property: @rudder.auth.oauth2.registrations@

We should have a way to know all declared providers in Rudder with properties that would be used across plugins (e.g. user-management):
 * what is the provider internal id?
 * is user role provisioning enabled by the provider?
 * if roles can be provisioned, does the provider extend roles or strictly override them?
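
The sketch below is an added example, not part of the issue and not Rudder code: it resolves the properties named above into one descriptor per declared provider, answering the three questions. Assumptions: both list properties are comma-separated, oidc reads the same @rudder.auth.oauth2.*@ keys as oauth2, a missing flag means false, @roles.override@ only applies when @roles.enable@ is true, and the @ProviderInfo@ type and its id format are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample configuration (not taken from a real Rudder install).
SAMPLE = """\
rudder.auth.provider=ldap,oidc
rudder.auth.oauth2.registrations=corp, partner
rudder.auth.oauth2.provider.corp.roles.enable=true
rudder.auth.oauth2.provider.corp.roles.override=true
rudder.auth.oauth2.provider.partner.roles.enable=true
"""

@dataclass(frozen=True)
class ProviderInfo:          # hypothetical descriptor shared across plugins
    provider_id: str         # hypothetical id format: "ldap" or "<type>:<registration>"
    provisions_roles: bool   # True when the provider itself supplies roles
    roles_mode: str          # "xml-only", "extend" or "override"

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def csv(props, key):
    # Assumption: list-valued properties are comma-separated.
    return [v.strip() for v in props.get(key, "").split(",") if v.strip()]

def flag(props, key):
    # Assumption: a missing key means false; only "true" enables the flag.
    return props.get(key, "").lower() == "true"

def declared_providers(props):
    out = []
    for name in csv(props, "rudder.auth.provider"):
        if name == "ldap":
            # ldap roles are always mapped from the users XML file.
            out.append(ProviderInfo("ldap", False, "xml-only"))
        elif name in ("oauth2", "oidc"):
            for reg in csv(props, "rudder.auth.oauth2.registrations"):
                base = f"rudder.auth.oauth2.provider.{reg}.roles."
                enabled = flag(props, base + "enable")
                # Assumption: override has no effect unless provisioning is on.
                override = enabled and flag(props, base + "override")
                mode = "override" if override else ("extend" if enabled else "xml-only")
                out.append(ProviderInfo(f"{name}:{reg}", enabled, mode))
    return out
```
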