[MGNLSSO-36] Mix external Authentication with internal role resolution and assignment Created: 30/Jul/20 Updated: 04/Nov/21 Resolved: 04/Nov/21 |
|
| Status: | Closed |
| Project: | Single Sign On |
| Component/s: | None |
| Affects Version/s: | 2.4 Incubator |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Neutral |
| Reporter: | Jörg Wirsig | Assignee: | Unassigned |
| Resolution: | Workaround exists | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Date of First Response: |
| Description |
|
In our setup we have a very complex setup of different roles / groups. It would be very useful, if we could use the external SSO authentication, but afterwards, the roles and groups would be applied as it would be by a default login. So i would suggest a local magnoluia role / group resolution based on the loginname provided by SSO Login, if the name matches an local magnolia account. As a consequence the user has to be added to magnolia manually and configured with the granted roles and groups. The main advantage is, that the bunch of groups does not have to be assigned in the AD by people who have no idea about what groups and roles are required. |
| Comments |
| Comment by Lars Fischer [ 04/Nov/21 ] |
|
Hi Jörg, in SSO Connector there is the "create local users feature" which should cover your use case (if I understood it correctly). The SSO Connector module is legacy now, so you should request the feature in the "official" module (Magnolia SSO) if needed. Thanks, Lars |