Comments (6)
I want to introduce a new feature in a group page that allows users to configure a mapping between a specific role and a group. When this feature is enabled, a new field will become available where users can specify the role associated with that particular group.
During the login process, the system will check the role value for the user and map them to the appropriate group based on that value. For example, if a FeatureHub group called "DevOnly" on "Portfolio1" is mapped to an IDP group called "FeatureHub-portfolio1-DevOnly," the system will automatically add the user with the "FeatureHub-portfolio1-DevOnly" role to the "DevOnly" group.
from featurehub.
Hi there! Just trying to probe into this ticket a bit more as I'm not sure quite what you need.
Is it intended to precreate users? You could do that using the API, and you may wish to do so as they won't have any access to anything by default.
The other thing I was thinking is you might be suggesting to prevent people logging on if they don't have the right corporate groups? If so we recommend using SAML for that as you can configure that easily on your side.
If neither of these suggestions is correct or suitable, if you could point me to some documentation where I might get a better understanding?
from featurehub.
> Hi there! Just trying to probe into this ticket a bit more as I'm not sure quite what you need.
> Is it intended to precreate users? You could do that using the API, and you may wish to do so as they won't have any access to anything by default.

No, by default this auth.userMustBeCreatedFirst takes care of this.

> The other thing I was thinking is you might be suggesting to prevent people logging on if they don't have the right corporate groups? If so we recommend using SAML for that as you can configure that easily on your side.

SAML is not an option; I need this on OAuth2. On the IDP we have corporate groups, and I need to assign groups from there. During login, these groups are received on FeatureHub as a claim and update the groups on FeatureHub. The "control" of groups by default is only in my IDP (IBM IAM), a corporate rule: authorization user<>group is in the IDP, not in FeatureHub; in FeatureHub there is only control of group<>role.

> If neither of these suggestions is correct or suitable, if you could point me to some documentation where I might get a better understanding?

Something like role mapping on Grafana, receiving from the OAuth IDP the role claim with the group equivalent in the platform:
https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/generic-oauth/#role-mapping
from featurehub.
Thanks for the extra info.
Because of the feature rich nature of our permissions system, we have discounted supporting this kind of capability because we cannot see how it would work. We would need more real life specific examples.
I can see from the link you showed in Grafana what you mean, but FeatureHub portfolio/group permission mapping would be required here - one presumes your claims would need to support the portfolio and groups for each set of permissions? How would you see it working more precisely? Does your IBM IAM support SCIM and would that be a better way to support it?
Thanks!
Richard
from featurehub.
How have you gotten on with the development for this?
from featurehub.
We are developing a proxy API between the identity provider group management webhook and the FeatureHub management API, so users and groups are synchronized.
from featurehub.
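The role-to-group mapping requested in the issue, and the IdP-driven synchronisation described in the last comment, both come down to the reconciliation step below. This is an added example, not FeatureHub code and not the reporter's proxy; the claim name `roles`, the mapping table and the function names are assumptions, and applying the resulting plan through the management API is left out.

```python
# Constructed mapping: IdP role value -> (FeatureHub portfolio, group).
# Only groups listed here are managed from the IdP; any other group a user
# belongs to is left untouched.
ROLE_TO_GROUP = {
    "FeatureHub-portfolio1-DevOnly": ("Portfolio1", "DevOnly"),
    "FeatureHub-portfolio1-Admins": ("Portfolio1", "Admins"),
}


def roles_from_claims(claims: dict, claim_name: str = "roles") -> set:
    """Normalise the role claim; a missing or malformed claim grants nothing."""
    raw = claims.get(claim_name)  # claim name is an assumption
    if isinstance(raw, str):
        raw = raw.split()  # assumption: tolerate a space-delimited string
    if not isinstance(raw, (list, tuple)):
        return set()
    return {r for r in raw if isinstance(r, str)}


def plan_membership(claims, current_groups, mapping=ROLE_TO_GROUP):
    """Return (to_add, to_remove) so managed groups match the IdP exactly."""
    roles = roles_from_claims(claims)
    # Exact, case-sensitive match only: prefix or substring matching would let
    # a role like "FeatureHub-portfolio1-DevOnly-readonly" grant DevOnly.
    entitled = {group for role, group in mapping.items() if role in roles}
    managed = set(mapping.values())
    current = set(current_groups)
    to_add = entitled - current
    # The IdP is authoritative: a managed group without its role is revoked.
    to_remove = (current & managed) - entitled
    return to_add, to_remove


if __name__ == "__main__":
    # Constructed ID-token claims for a user who lost the Admins role.
    claims = {"sub": "u-123",
              "roles": ["FeatureHub-portfolio1-DevOnly", "hr-staff"]}
    current = {("Portfolio1", "Admins"), ("Portfolio1", "LocalTesters")}
    print(plan_membership(claims, current))
```

Running the plan at every login, rather than only at first login, is what keeps a role removed in the IdP from lingering as a FeatureHub group membership.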