  1. Artifactory Binary Repository
  2. RTFACT-20095

Improve SAML groups claim integration with AzureAD SAML

    Details

    • Type: Improvement
    • Status: Open
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: 6.8.11, 6.10.2
    • Fix Version/s: None
    • Component/s: SAML SSO
    • Environment:

      JFrog Artifactory SaaS

      Description

      Azure Active Directory limits the number of groups it will emit in a token to 150 for SAML assertions, and 200 for JWT to prevent tokens getting too large. If a user is a member of a larger number of groups than the limit, the groups are emitted and a link to the Graph endpoint to obtain group information.

      This request is to improve the current SAML SSO integration to allow Artifactory to consume the Graph endpoint. In large organizations, SAML tokens can exceed HTTP header limits, which can lead to unpredictable results. Thus, Azure will emit a Graph group claim to allow the app (Artifactory) to query all groups the user belongs to.

            People

            • Assignee:
              Unassigned
            • Reporter:
              charles.lambert@ey.com Charles Lambert
            • Votes:
              1
            • Watchers:
              2

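The overage behaviour described in this issue, sketched from the service provider's side as an added example (not Artifactory code and not part of the original report). It assumes the assertion's signature has already been verified; the claim names are Azure AD's documented SAML groups and groups-overage attributes, while `resolve_groups`, the `fetch_groups` callback, the group IDs and the link URL are hypothetical or constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
OVERAGE_CLAIM = "http://schemas.microsoft.com/claims/groups.link"

def _statement(attrs):
    """Build a constructed AttributeStatement from {claim name: [values]}."""
    body = "".join(
        f'<saml:Attribute Name="{name}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>"
        for name, vals in attrs.items())
    return (f'<saml:AttributeStatement xmlns:saml="{NS["saml"]}">'
            f"{body}</saml:AttributeStatement>")

# Constructed samples: a user under the limit, a user over it, a user with no group data.
UNDER_LIMIT = _statement({GROUPS_CLAIM: ["00000000-0000-0000-0000-00000000000b",
                                        "00000000-0000-0000-0000-00000000000a"]})
OVER_LIMIT = _statement({OVERAGE_CLAIM: [
    "https://graph.example.invalid/TENANT_ID/users/USER_ID/getMemberObjects"]})
NO_GROUPS = _statement({"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name":
                        ["user@example.invalid"]})

def resolve_groups(statement_xml, fetch_groups=None):
    """Return (groups, source) for an already signature-verified statement.

    fetch_groups is a hypothetical callback that takes the overage link and
    returns group IDs; a real one would make an authenticated Graph call.
    """
    claims = {}
    for attr in ET.fromstring(statement_xml).iterfind("saml:Attribute", NS):
        claims[attr.get("Name")] = [
            v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
    if claims.get(GROUPS_CLAIM):
        return sorted(claims[GROUPS_CLAIM]), "assertion"
    if claims.get(OVERAGE_CLAIM):
        if fetch_groups is None:
            # Reject the login explicitly instead of mapping the user to zero
            # groups, which would look like a silent loss of permissions.
            raise LookupError("groups overage claim present but no resolver configured")
        return sorted(fetch_groups(claims[OVERAGE_CLAIM][0])), "graph"
    return [], "none"

if __name__ == "__main__":
    print(resolve_groups(UNDER_LIMIT))
    print(resolve_groups(OVER_LIMIT, fetch_groups=lambda link: ["g2", "g1"]))
```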