[MGNLSSO-13] External User does not get assigned sub-groups in Magnolia Created: 30/Oct/19  Updated: 30/Oct/19  Resolved: 30/Oct/19

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: 2.2 Incubator
Fix Version/s: None

Type: Improvement Priority: Major
Reporter: Martin Schmid Assignee: Lars Fischer
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: 1h
Time Spent: Not Specified
Original Estimate: 1h
Environment:

Magnolia 6.1.2 DX Core / OpenJDK 11 / TC 9.0.44


Template:
Patch included:
Yes
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

During external user login process, the SSOConnectorUserManager only maps the direct group names. 

In Magnolia, a group can have sub groups. In version 2.2 Snaphot, these groups are not resolved. 

In the "validateGroups()" method, the transitive groups are present and can be added: 

...if (group != null) {
  groupList.add(groupName);
  // test if group has transitive groups
  Collection<String> transitiveGroups = group.getGroups();
  for (String transitiveGroupName : transitiveGroups) {
    groupList.add(transitiveGroupName);
    }
} else {
...



 Comments   
Comment by Lars Fischer [ 30/Oct/19 ]

This is a general limitation of the external user classes (methods are not implemented). But for the SSO Connector this has already been fixed, see https://jira.magnolia-cms.com/browse/MGNLSSO-5.

Comment by Martin Schmid [ 30/Oct/19 ]

nice, thank you @lfischer 

Generated at Mon Feb 12 10:50:17 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.