[RTFACT-14821] Allow using Admin privileges on external realm groups with logins from HTTP SSO external realm users Created: 20/Aug/17  Updated: 24/Jul/18

Status: Open
Project: Artifactory Binary Repository
Component/s: LDAP, Security
Affects Version/s: 5.5.0
Fix Version/s: None

Type: Improvement Priority: Normal
Reporter: Andrei Komarov Assignee: Uriah Levy
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Dependency
is a precondition for RTFACT-12320 Add an option to bind HTTP SSO logins... Resolved
Relationship
relates to RTFACT-14255 SAML Group sync to an Admin privilege... Resolved
is related to RTFACT-16532 Validate external authentication serv... Open

 Description   

Enable admin privileges grant for external realm users and groups

Steps to reproduce:

1. Configure the Artifactory HTTP SSO integration
2. Utilize the syncLdapGroups plugin
3. Log in as an LDAP user and allow it to be binded to an imported LDAP group
4. Assign that Artifactory group with "Admin Privileges"
5. Login using HTTP SSO - You will see that you are not given with Admin privilege

  • Other group permission (e.g. manage) are assigned correctly, if they were given
  • You may use a browser plugin to send HTTP SSO header, e.g. Modify Headers for Chrome to ease on the reproduction


 Comments   
Comment by Andrei Komarov [ 24/Jul/18 ]

This can work since version 5.8.0 (RTFACT-12320) with internal groups.

However there is a pre-condition for this: an LDAP user must do a login to have the group associated with the user.

The full resolution would be done with: RTFACT-16532

Generated at Wed Feb 19 05:12:28 UTC 2020 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.