-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Map groups from Identity Provider #308
Comments
Group mapping is currently not implemented |
Heads up: if it will be implemented, it should be able to deal with group names > 64 characters. |
In addition to group mapping it'd be great to make a given group be required to use it (i.e. so that the set of your NextCloud users may be a subset of users in your user pool) |
➕ 1️⃣ from my end for this feature as well. By adding Mappers or additional Client Scopes for Groups (at least in Keycloak) this can be added quite easily. example access token: {
"exp": 1234,
"iat": 4567,
"jti": "xxxx",
"iss": "https://keycloak.my.tld/realms/testrealm",
"sub": "xxxx",
"typ": "Bearer",
"azp": "nc-localdev-oidc-user-backend",
"session_state": "xxxx",
"acr": "1",
"allowed-origins": [
"http://vagrant-localdev:8082"
],
"scope": "openid groups email profile",
"sid": "xxx",
"email_verified": true,
"name": "Dummy User",
"groups": [
"Employee",
"Testteam"
],
"preferred_username": "dummy-test-user",
"given_name": "Dummy",
"family_name": "User",
"email": "dummy@my.tld"
} |
It seems like this is fixed by #502. As far as I can tell, the requirement of handling group-names > 64 chars is covered by the PR as well. |
Looks like this can be closed now 😃 . |
Is it possible to map the user groups from the Identity Provider?
In the graphical wizard I see:
OpenID Connect User backend version: 1.0.0
Nextcloud version: 22.1.0
Thanks!
The text was updated successfully, but these errors were encountered: