[MGNLSSO-38] Users do not get given the roles assigned to a group they belong to
Created: 01/Sep/20  Updated: 08/Jul/21  Resolved: 08/Jul/21

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: 1.0
Fix Version/s: 2.0

Type: Bug
Priority: Neutral
Reporter: Maxime Michel
Assignee: Maxime Michel
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Problem/Incident
relation
is related to MAGNOLIA-8132 Allows access to MgnlUserManager meth... Open
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[X]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

The module allows mapping a Keycloak group to Magnolia roles and groups.

If the configuration defines that a user in magnolia-sre should get the superuser role, then a user in magnolia-sre will get the role and associated security rights.

If, however, the configuration defines that a user in magnolia-marketing should be assigned the Magnolia marketing group, then the user will get the group, but this won't have any consequence on security. This will only have practical consequences if the marketing Magnolia group defines associated roles. However, in such a case, the module is currently not smart enough to look for those roles and give them to the user.



 Comments   
Comment by Maxime Michel [ 08/Jul/21 ]

We have fixed this issue using the exact same approach as was done in the SSO Connector. (Thanks jfrantzius for the initial contribution!). However, we have also created a ticket in main in order to open up the API there, and not have to create a TransitiveMgnlUserManager in SsoUserManager. We will therefore be able to replace the implementation at a later time.
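
The gap described in this ticket, shown as an added example that is not code from the module or from Magnolia: direct-only role lookup next to transitive resolution through groups. The `Group` record, the group and role names, and the nested-group cycle are assumptions constructed for illustration.

```java
import java.util.*;

// Hypothetical model, not Magnolia's API: a group carries its own roles
// and may itself belong to other groups.
public class EffectiveRoles {
    record Group(Set<String> roles, Set<String> groups) {}

    // Constructed sample data mirroring the ticket's scenario.
    static final Map<String, Group> GROUPS = Map.of(
        "marketing", new Group(Set.of("marketing-editor"), Set.of("staff")),
        "staff", new Group(Set.of("base"), Set.of("marketing")) // deliberate cycle
    );

    // Behaviour reported in the ticket: only roles mapped directly to the user count.
    static Set<String> directRoles(Set<String> mappedRoles) {
        return new TreeSet<>(mappedRoles);
    }

    // Transitive resolution: direct roles plus the roles of every group
    // reachable from the groups mapped to the user.
    static Set<String> transitiveRoles(Set<String> mappedRoles, Set<String> mappedGroups) {
        Set<String> roles = new TreeSet<>(mappedRoles);
        Set<String> seen = new HashSet<>();
        Deque<String> todo = new ArrayDeque<>(mappedGroups);
        while (!todo.isEmpty()) {
            String name = todo.pop();
            if (!seen.add(name)) continue;   // already visited: guards against cycles
            Group g = GROUPS.get(name);
            if (g == null) continue;         // mapped from the IdP but not defined locally
            roles.addAll(g.roles());
            todo.addAll(g.groups());
        }
        return roles;
    }

    public static void main(String[] args) {
        Set<String> noRoles = Set.of();              // no role mapped directly
        Set<String> groups = Set.of("marketing");    // group mapped from the IdP
        System.out.println("direct only: " + directRoles(noRoles));
        System.out.println("transitive:  " + transitiveRoles(noRoles, groups));
    }
}
```

When reviewing a group mapping, the transitive set is the one to audit, since it is what the user can actually do once the fix is in place.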
