Skip to content

Commit

Permalink
fixup! fixup! fixup! Fixes #23254: User management plugin incorrectly…
Browse files Browse the repository at this point in the history 
… understand OIDC roles

Fixes #23254: User management plugin incorrectly understand OIDC roles
  • Loading branch information
@fanf
fanf committed Aug 18, 2023
1 parent 54f174e commit e7163a1
Showing 1 changed file with 14 additions and 3 deletions.
17 changes: 14 additions & 3 deletions user-management/README.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ This plugin allows to get new capabilities for user management:
- and a UI is added in Rudder `Administration` menu to help with user management.

Note that the xref:plugins:api-authorizations.adoc[API authorizations] plugin also extends user
rights with a self-service UI to manage an API token to perform API calls with their personal account.
rights with a self-service UI to manage an API token to perform API calls with their personal account.
See the xref:plugins:api-authorizations.adoc[plugin documentation] if you need more info about that feature.


Expand Down Expand Up @@ -190,9 +190,20 @@ The UI is available in the `Administration` menu on `User management` entry (1):
image::docs/images/usermanagement-ui.png[]

With that UI, you can add a new user (2), reload `/opt/rudder/etc/rudder-users.xml` file from disk (3) and see
what is the current authentication method configured for users (see the xref:plugins:auth-backends.adoc[authentication
what is the current authentication method configured for users (4) (see the xref:plugins:auth-backends.adoc[authentication
backends plugin] for more information on that subject).
You also have access to the list of configured users and their permissions (5). When you click on a user, you get
You also have access to the list of configured users and their permissions (5).

[WARNING]
====
The given role list is the one statically configured in `/opt/rudder/etc/rudder-users.xml`. Some plugin
are able to change that list when user logs in if centralized authorization management is used. For example, OIDC plugin can do that.
In that case, the actual list of role the user got is logged in the application logs and a warning message is displayed in (4).
====

When you click on a user, you get
the user details and you can update them:

image::docs/images/usermanagement-ui-user-details.png[]
Expand Down

0 comments on commit e7163a1

Please sign in to comment.