[MAGNOLIA-8132] Allows access to MgnlUserManager methods that resolve transitive roles/groups Created: 08/Jul/21  Updated: 30/Jan/23

Status: Open
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Maxime Michel Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
depends upon MGNLSSO-179 Make sso source of truth for roles an... Open
relation
is related to MGNLSSO-38 Users do not get given the roles assi... Closed
is related to MGNLSSO-68 Remove deprecated TransitiveUserManag... Open
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:
Epic Link: SSO support for custom IdPs
Team: AdminX

 Description   

User beans are usually built with both direct & transitive groups+roles pre-resolved.
Currently, MgnlUserManager#aggregateDirectAndTransitiveGroups|Roles is doing this, however this is not much available towards ExternalUserManager or SsoUserManager.

=> Additional constructor params for ExternalUser (allGroups, allRoles)
=> Consider moving aggregating methods to UserManager interface as default methods



 Comments   
Comment by Matt Rajkovic [ 27/Jun/22 ]

mmichel, is this still needed? Isn't this already outdated now that the new SSO version has been released? 

Comment by Maxime Michel [ 27/Jun/22 ]

mrajkovic yes, see: https://git.magnolia-cms.com/projects/ENTERPRISE/repos/magnolia-sso/browse/magnolia-sso/src/main/java/info/magnolia/sso/SsoUserManager.java#100-114

Comment by Matt Rajkovic [ 05/Sep/22 ]

Most likely will be closed as "Won't do". Possibly, this can be closed after https://jira.magnolia-cms.com/browse/SECURITY-30 is closed. 

Comment by Maxime Michel [ 05/Sep/22 ]

Hmm, don't know about won't do, this is still an issue for the PaaS for instance. I can understand that it's not a prio but it still deserves a ticket, I think.

Comment by Evzen Fochr [ 05/Sep/22 ]

mmichel concept for sso roles and groups changed. See https://git.magnolia-cms.com/projects/ENTERPRISE/repos/magnolia-sso/pull-requests/136/overview

 

Generated at Mon Feb 12 04:29:57 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.