[jira] [Updated] (OAK-10067) ExternalGroupPrincipalProvider does not resolve inherited groups that cross IDP boundaries

Angela Schreiber (Jira) Fri, 13 Jan 2023 08:21:34 -0800


     [ 
https://issues.apache.org/jira/browse/OAK-10067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Angela Schreiber updated OAK-10067:
-----------------------------------
    Summary: ExternalGroupPrincipalProvider does not resolve inherited groups 
that cross IDP boundaries  (was: ExternalGroupPrincipalProvider#getMembership 
does not resolve inherited groups that cross IDP boundaries)

> ExternalGroupPrincipalProvider does not resolve inherited groups that cross 
> IDP boundaries
> ------------------------------------------------------------------------------------------
>
>                 Key: OAK-10067
>                 URL: https://issues.apache.org/jira/browse/OAK-10067
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: auth-external
>            Reporter: Angela Schreiber
>            Assignee: Angela Schreiber
>            Priority: Major
>
> if a dynamic group is member of group that does not belong to the same IDP 
> (such as e.g. a local group that is not listed in automembership), the 
> ExternalGroupPrincipalProvider will fail to resolve the inherited membership 
> for external users. 
> Note that resolving the membership of the dynamic group itself works, but for 
> external members of that dynamic group (i.e. external users) the IDP-boundary 
> crossing membership will not be resolved.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OAK-10067) ExternalGroupPrincipalProvider does not resolve inherited groups that cross IDP boundaries

Reply via email to