[MGNLSSO-5] External Group Resolution - subgroups are not assigned Created: 30/Oct/18  Updated: 24/Oct/19  Resolved: 24/Oct/19

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: 2.1 Incubator
Fix Version/s: 2.4 Incubator

Type: Improvement Priority: Neutral
Reporter: Jörg Wirsig Assignee: Lars Fischer
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Independent


Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

It seems that if the external groups management is used the subgroups of assigned groups are not assigned as expected. 

Example:

  • Group A
    • has Role A
    • has Group B assigned
  • Group B
    • has Role B

If Group A is assigned to a user via external groups management the user does not recieve the permissions of Role B, though that should happen in my understanding of the Group and Role concept. 



 Comments   
Comment by Lars Fischer [ 18/Sep/19 ]

The SSO Connector module extends from the external user manager class and this class has not implemented the needed methods to apply adding subgroups, roles and then prepare the ACLs.

So the user manager for the SSO Connector needs to implement missing methods.

Comment by Joerg von Frantzius [ 23/Oct/19 ]

Hi Lars, please see https://git.magnolia-cms.com/projects/SERVICES/repos/sso-connector/pull-requests/11/overview for a fix. Would be great if this could be merged!

Comment by Lars Fischer [ 24/Oct/19 ]

I have integrated the fix into the module.

Generated at Mon Feb 12 10:50:12 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.