Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for mapping of LDAP groups to ROLES #2084

Closed
sabbyanandan opened this issue Mar 3, 2018 · 1 comment
Closed

Add support for mapping of LDAP groups to ROLES #2084

sabbyanandan opened this issue Mar 3, 2018 · 1 comment
Assignees
@ghillert
Milestone
1.4.0.RC1

Comments

@sabbyanandan
Copy link
Contributor

As a user, I'd like to configure the mapping of LDAP AD groups against the SCDF roles (VIEW, CREATE, and MANAGE), so I can define the authorization rules in SCDF at the LDAP group level.

See this SO thread for background.

Acceptance:

  • I can configure an AD group for example ROLE_APP_MYAPPLICATION_AUTHZ_VIEW against SCDF's ROLE_VIEW role transparently as env-var or properties or in the YAML. Similarly, ROLE_CREATE and ROLE_MANAGE roles can also be mapped to the AD groups
  • With LDAP turned-on and the above "group<->role" mapping, I shouldn't have to do anything else. The system interprets the mapping to determine the authorization boundaries automatically
  • Shell, APIs, RESTTemplate, and the UI obey the authorization boundaries
  • A sample configuration is included in the ref. guide
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ghillert ghillert

Labels
None yet
Projects
None yet
Milestone
1.4.0.RC1
Development

Successfully merging a pull request may close this issue.

gh-2084 Add support for mapping of LDAP groups to ROLES
3 participants
@jvalkeal @ghillert @sabbyanandan