Currently, Artifactory supports the ability to associate an HTTP SSO login session with groups in Artifactory (see https://www.jfrog.com/jira/browse/RTFACT-7112) with the use of a Realm user-plugin. However, this association is not persisted in any way, and it expires when the login session expires.
Customers need to have the ability to achieve the same group association functionality with HTTP SSO login that they have with a standard LDAP login. This will be a cohesive solution for users who have an LDAP server configured in Artifactory for the purpose of groups and permissions, who use it in conjunction with HTTP SSO for login.
In this scenario, the HTTP SSO login will use the same functionality the LDAP login uses to associate the user with a group on the LDAP server, and also persist the user to the group on Artifactory (i.e add the user to the relevant group(s) on Artifactory), just like the LDAP login does.
We could make this option configurable in the HTTP SSO screen - i.e let the user pick an LDAP server(s) he wants to associate with the HTTP SSO login, for example.