Add support for custom mappings between OIDC token and meshcentral user #5179
Comments
In the #4530 pull request I'm pretty sure I gave the ability to set a custom claim to use for this exact use case. It's a little behind now but it could still potentially be merged. I'm not sure if it is planned to be merged eventually or if it would need to be reworked, but I still use it as is, for what it's worth. Here are the docs I wrote for that particular feature if you end up using it.
Sadly I don't have any OIDC providers so I cannot test for you or try and make a fix
I can fix it, I just want the go-ahead on the idea, so it gets merged at the end. I see there is another solution for OIDC but it never got merged. If you guys have a better idea in mind, I can implement and test that, as long as it works I don't mind!
@GastonMeghi sure, if you think you can fix it, submit a PR and I'll get @Ylianst to look at it for you! No promises on the merge tho
Thanks! I'll be working on that these days! Hope it makes it!
Is your feature request related to a problem? Please describe.
I'm working with two OIDC IDPs at the moment and none of them send the user name in a field that can be picked up by meshcentral.
Describe the solution you'd like
By using jsonpath-plus and adding a new key in the config, every user can specify how their IDP's ID token should be mapped to meshcentral's profiles.
Describe alternatives you've considered
This is the only thing I could think of that's flexible enough for every use case.
Additional context
For example if my OIDC ID token is:
with this key in the config file:
IDTokenToProfileMapper: "{"display_name":"$.preferred_username","email":"$.email","id":"$.sub"}"
we would get this in the profile:
This could also be done for the groups, but I haven't explored that yet.
This should be an issue in @mstrhakr's repo for OIDC as well. If you guys agree with this I can implement it and make a pull request.
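The mapping proposed in the issue above, as an added example that is not part of the original post and not MeshCentral code. `resolvePath`, `mapIdTokenToProfile`, the allowed-field list and the sample claims are assumptions; `resolvePath` is a minimal stand-in for jsonpath-plus that handles only dotted member paths, and the mapper fails closed when `id` is missing or a mapped claim is not a non-empty string.

```javascript
'use strict';
// Added example. resolvePath() is a stand-in for jsonpath-plus (assumption):
// it accepts only "$.a.b" style member paths and returns a single value.
function resolvePath(obj, path) {
  if (typeof path !== 'string' || !/^\$(\.[A-Za-z_][\w-]*)+$/.test(path)) {
    throw new Error('unsupported path: ' + String(path));
  }
  let cur = obj;
  for (const key of path.slice(2).split('.')) {
    const isObj = cur !== null && typeof cur === 'object';
    if (!isObj || !Object.prototype.hasOwnProperty.call(cur, key)) return undefined;
    cur = cur[key];
  }
  return cur;
}

// Profile fields named in the issue; anything else in the mapper is rejected.
const ALLOWED_FIELDS = ['id', 'display_name', 'email'];

// mapperJson: the IDTokenToProfileMapper config value (a JSON string).
// claims: ID token payload, assumed already signature/issuer/audience verified.
function mapIdTokenToProfile(mapperJson, claims) {
  const mapper = JSON.parse(mapperJson);
  if (mapper === null || typeof mapper !== 'object' || Array.isArray(mapper)) {
    throw new Error('mapper must be a JSON object');
  }
  const profile = {};
  for (const [field, path] of Object.entries(mapper)) {
    if (!ALLOWED_FIELDS.includes(field)) throw new Error('unknown profile field: ' + field);
    const value = resolvePath(claims, path);
    if (value === undefined) continue; // optional claim absent from this token
    if (typeof value !== 'string' || value.length === 0) {
      throw new Error('claim for ' + field + ' is not a non-empty string');
    }
    profile[field] = value;
  }
  // The account key must never be empty, or distinct users could collide.
  if (!profile.id) throw new Error('mapping produced no id; refusing login');
  return profile;
}

// Constructed sample values (the token from the issue is not shown on the page).
const SAMPLE_MAPPER =
  '{"display_name":"$.preferred_username","email":"$.email","id":"$.sub"}';
const SAMPLE_CLAIMS = { sub: 'constructed-subject-123', preferred_username: 'jdoe',
  email: 'jdoe@example.test', groups: ['admins'] };

console.log(mapIdTokenToProfile(SAMPLE_MAPPER, SAMPLE_CLAIMS));
```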