Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use identity provider for role membership #35

Open
inghamn opened this issue Feb 10, 2023 · 0 comments
Open

Use identity provider for role membership #35

inghamn opened this issue Feb 10, 2023 · 0 comments
Assignees
@inghamn

Comments

@inghamn
Copy link
Member

inghamn commented Feb 10, 2023

The starting example this application provides uses a local database and expects staff to maintain user accounts in that database. For our purposes, this is almost always extra management burden that no one wants to do.

The organization's users are already in LDAP or Active Directory, and we could assign users to groups inside of the directory. If we rely on the identity provider (CAS or ADFS) to also send group members during authentication, then we could assign a user's role during the authentication process by reading it from the directory group membership, rather than looking the user account in a local database.
@inghamn inghamn self-assigned this Feb 16, 2023
inghamn added a commit that referenced this issue Feb 16, 2023
@inghamn
OIDC provides all user information
56e08ac 
Rather than storing user accounts in the database, this reads all user information from the OIDC provider.

Updates #35
inghamn added a commit that referenced this issue Feb 16, 2023
@inghamn
OIDC read display name from AD users
f1f11aa 
Updates #35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@inghamn inghamn

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@inghamn