-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Returns ExtendedGeorchestraUser
object when createUserInLdap
set to true
#114
Returns ExtendedGeorchestraUser
object when createUserInLdap
set to true
#114
Conversation
0bebc62
to
3e41367
Compare
3e41367
to
c0f1a68
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added a couple small commits. Looks good to me.
@pmauduit if you prefer so and it looks good to you, squash-merge them into your original commit.
Feel free to merge
Considering the following configuration scenario: * external authentication (oidc/oauth2 or pre-auth) being configured * `createUsersInGeorchestraLdap` set to true Then the resolved GeorchestraUser should be an `ExtendedGeorchestraUser`, in order to have a behaviour coherent with the extended geOrchestra LDAP authentication. Without doing so, users externally authenticated will resolve as a classic GeorchestraUser, leading to missing http headers and breaking some geOrchestra applications (e.g. datafeeder, which requires the `sec-orgname` provided only when resolving to an `ExtendedGeorchestraUser`). This also refactors the LdapConfigProperties to GeorchestraGatewaySecurityConfigProperties, as the object is not only about LDAP, but also nests some other configureable features (OIDC, ...). Documentation has been updated to describe / explain the behaviour. Tests: * testsuite adapted * added specific tests case scenario
a4f5563
to
204f91a
Compare
Thanks @groldan for the review
👍 |
thymeleaf templates for e.g. login are not resolved anymore after this merge, I cannot explain why for now, but hitting /login will return the "login" string as response body. |
See #114 (comment) Using RestController will disable thymeleaf template integration, reverting back to Controller annotation instead. Tests: runtime in the docker composition provided at the root of the reppository.
…er-merge-114 login - fix thymeleaf integration (reverts a modification from #114)
Considering the following configuration scenario:
createUsersInGeorchestraLdap
set to trueThen the resolved
GeorchestraUser
should be anExtendedGeorchestraUser
, in order to have a behaviour coherent with the geOrchestra LDAP authentication (via the classic login form provided by the gateway).Without doing so, users externally authenticated will resolve as a classic GeorchestraUser, leading to missing http headers and breaking some geOrchestra applications (e.g. datafeeder, which requires the
sec-orgname
provided only when resolving to anExtendedGeorchestraUser
).This also refactors the
LdapConfigProperties
toGeorchestraGatewaySecurityConfigProperties
, as the object is not only about LDAP, but also nests some other configureable features (OIDC, ...).Documentation has been updated to describe / explain the behaviour.
Tests:
IMPORT
role, being externally authenticated, I was able to import a dataset following the datafeeder wizard.