Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-10067

ExternalGroupPrincipalProvider does not resolve inherited groups that cross IDP boundaries

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.48.0
    • auth-external
    • None

    Description

      if a dynamic group is member of group that does not belong to the same IDP (such as e.g. a local group that is not listed in automembership), the ExternalGroupPrincipalProvider will fail to resolve the inherited membership for external users.

      Note that resolving the membership of the dynamic group itself works, but for external members of that dynamic group (i.e. external users) the IDP-boundary crossing membership will not be resolved.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. OAK-10082 Group.getMembers() needs to resolve inherited members of dynamic groups

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. OAK-10379 DynamicGroupsTest#testCrossIDPMembership() fails occasionally

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          links to

          Web Link GitHub Pull Request #825

          Activity

            People

              angela Angela Schreiber
              angela Angela Schreiber
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: