Groups from LDAP #6270
Comments
Hm, we could extend our LDAP provider or create an action to map this info around.
This feels like a must-have. Even simple IDPs like Dex or Authelia are able to return group membership info from an LDAP server.
Sure, that is true, we should be able to extend this. The reason we held back is basically that claims like groups do not exist in the standard. So the best course on our end would be to allow people to use an action to map the values across into a token.
CC @hifabienne I guess it is worth extending the actions LDAP support for this.
Yes, I think actions is the right place for this.
I think this could be a great improvement. At wavestack we had three requests within the last two weeks from users asking to manage projects with groups, or who even had this as a requirement for their use case. There is definitely a need for this and it could make things way more comfortable. For now, this is not a requirement for the C5 criteria (https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/CloudComputing/Anforderungskatalog/2020/C5_2020.pdf?__blob=publicationFile&v=2), but this could also change in the future. Let's keep in touch on this if you have any questions about what a good implementation could look like.
I want the same thing, but I am coming in as someone switching from Auth0 to Zitadel. These are the options when I configure an AzureAD OIDC SSO in Auth0.
Describe your problem
Like a lot of people, we have users in legacy AD. We currently use Keycloak for OIDC, which includes the AD groups of the user in the userinfo endpoint. This can then be used for RBAC inside the apps.
Describe your ideal solution
On Keycloak you can return the user groups as part of either userinfo or access token with the groups mapper.
Version
No response
Environment
Self-hosted
Additional Context
No response