-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Minimalistic support for group filtering in oidc connector #3074
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Debug messages don't seem like a necessary addition. The better approach is, for example, to trace HTTP requests to providers and check returned bodies. Custom debug messages are blocking this PR.
@mdpradeep, everything seems fine now according to the code and ready to be merged (when tests are successfully passed). I'd like to take this feature to the upcoming v2.38.0 release, so waiting 🙂 |
Minimalistic support for group filtering in oidc connector Signed-off-by: Pradeep Mudlapur <pradeep@juliacomputing.com> Co-Authored-By: Maksim Nabokikh <max.nabokih@gmail.com> Co-Authored-By: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Signed-off-by: Pradeep Mudlapur <pradeep@juliacomputing.com>
Signed-off-by: Pradeep Mudlapur <pradeep@juliacomputing.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks really nice. Thank you, @mdpradeep, for your contribution!
Signed-off-by: Pradeep Mudlapur <pradeep@juliacomputing.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Signed-off-by: Pradeep Mudlapur <pradeep@juliacomputing.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Signed-off-by: Houssem Ben Mabrouk <houssem.benmabrouk.ext@orange.com>
Overview
Filter users based on groups in OIDC connector.
What this PR does / why we need it
Currently it is not possible to filter users based on groups like it is done with the
google
connector. This PR is an attempt to support group filtering in theoidc
connector. The connector configuration takes an additional configuration as below to specify what the allowed groups are. If the user's groups belong to at least one of theallowedGroups
, then authentication will be successful. The other change is to indicate that the user does not belong to allowed groups if authentication fails because the user does not belong to any of the allowed groups.Special notes for your reviewer
Does this PR introduce a user-facing change?