Support "admin group" in OIDC mode #13113

reasonerjt · 2020-09-21T06:59:47Z

Goal:

Add an attribute "Admin group" to OIDC configuration. This field will be enabled only when the admin set the "Group
Claim" .
When the user login via OIDC provider if the value of admin group is in the list of group entries under this claim, the user will have the permission of system admin. The change in membership or "admin group" setting will only be reflected if his ID token is refreshed in Harbor such as re-login.
Non-goal:
There are inconsistency issues on UI, as described in LDAP Administrators Not Marked in Users Menu #8052
The admin group setting will remain in auth setting, and will not be moved to the Groups view.

The text was updated successfully, but these errors were encountered:

reasonerjt · 2020-10-22T10:30:53Z

Fixed in #13312 and #13313

reasonerjt changed the title ~~Support admin group in~~ Support "admin group" in OIDC mode Sep 21, 2020

reasonerjt added target/2.2.0 area/oidc labels Sep 21, 2020

reasonerjt mentioned this issue Sep 21, 2020

Add oidc_admin_group to OIDC authentication like LDAP has #10724

Closed

reasonerjt assigned reasonerjt and AllForNothing Sep 21, 2020

AllForNothing mentioned this issue Oct 20, 2020

[UI]Add admin group support to OIDC auth mode #13313

Merged

reasonerjt closed this as completed Oct 22, 2020

Provide feedback