Details
- Improvement
- Resolution: Unresolved
- Neutral
- 1.1.1
Description
When hooking up Magnolia to Azure, we found out that a typical groupMapping configuration that looks like this:

groupMappings:
  /magnolia-sre:
    groups:
      - travel-demo-publishers
    roles:
      - superuser

ends up looking like this because Azure delivers group IDs rather than names:

groupMappings:
  ea0b1d9f-c8fc-4b99-9f76-8a92abbbb496: # travel-demo-editors
    roles:
      - superuser

That makes the configuration less readable, and it has been suggested that we make Azure-specific calls to endpoints such as:
- https://graph.microsoft.com/v1.0/me/memberOf
- https://graph.microsoft.com/v1.0/<tenant>/groups/<group-uid>

in order to make the configuration process slightly easier.
This comes at the cost of added complexity and deviation from the module's conventions. I am not in favor of implementing it, but I wanted to log it regardless, in case it does become necessary at a later point.
Issue Links
- relates to: MGNLSSO-189 Custom SSO authorization generators (Closed)
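An added example, not part of the issue or of the Magnolia SSO module: one way to keep the ID-keyed mapping from the description readable without Graph calls at login is to generate it offline from a saved group listing. The function names and the `{group name: [roles]}` input shape are hypothetical, and the sample response is constructed (only the first ID comes from the issue). A name that is unknown or shared by several groups is rejected, because Azure display names are not unique and a role such as superuser should never attach to a guessed ID.

```python
import json

# Constructed sample shaped like a Microsoft Graph listing such as the body of
# GET /v1.0/me/memberOf. Only the first id appears in the issue; the rest are made up.
SAMPLE_GRAPH_RESPONSE = json.dumps({
    "value": [
        {"@odata.type": "#microsoft.graph.group",
         "id": "ea0b1d9f-c8fc-4b99-9f76-8a92abbbb496",
         "displayName": "travel-demo-editors"},
        {"@odata.type": "#microsoft.graph.group",
         "id": "00000000-0000-0000-0000-000000000001",
         "displayName": "travel-demo-publishers"},
        {"@odata.type": "#microsoft.graph.directoryRole",
         "id": "00000000-0000-0000-0000-000000000002",
         "displayName": "Directory Readers"},
    ]
})


def index_groups(graph_json):
    """Map displayName -> list of group IDs, ignoring non-group objects."""
    index = {}
    for obj in json.loads(graph_json).get("value", []):
        if obj.get("@odata.type") != "#microsoft.graph.group":
            continue
        index.setdefault(obj["displayName"], []).append(obj["id"])
    return index


def render_group_mappings(readable, graph_json):
    """Turn {group name: [roles]} into ID-keyed groupMappings YAML text.

    Raises ValueError when a name is unknown or matches several groups,
    so a role is never attached to a guessed ID.
    """
    index = index_groups(graph_json)
    lines = ["groupMappings:"]
    for name, roles in readable.items():
        ids = index.get(name, [])
        if len(ids) != 1:
            raise ValueError(f"{name!r} resolves to {len(ids)} groups")
        lines.append(f"  {ids[0]}: # {name}")
        lines.append("    roles:")
        lines.extend(f"      - {role}" for role in roles)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_group_mappings({"travel-demo-editors": ["superuser"]},
                                SAMPLE_GRAPH_RESPONSE))
```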