[RTFACT-14821] Allow using Admin privileges on external realm groups with logins from HTTP SSO external realm users Created: 20/Aug/17  Updated: 21/May/20

Status: Open
Project: Artifactory Binary Repository
Component/s: LDAP, Security
Affects Version/s: 5.5.0
Fix Version/s: None

Type: Improvement Priority: Normal
Reporter: Andrei Komarov Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
is a precondition for RTFACT-12320 Add an option to bind HTTP SSO logins... Resolved
relates to RTFACT-14255 SAML Group sync to an Admin privilege... Resolved
is related to RTFACT-16532 Validate external authentication serv... Open


Enable admin privileges grant for external realm users and groups

Steps to reproduce:

1. Configure the Artifactory HTTP SSO integration
2. Utilize the syncLdapGroups plugin
3. Log in as an LDAP user and allow it to be binded to an imported LDAP group
4. Assign that Artifactory group with "Admin Privileges"
5. Login using HTTP SSO - You will see that you are not given with Admin privilege

  • Other group permission (e.g. manage) are assigned correctly, if they were given
  • You may use a browser plugin to send HTTP SSO header, e.g. Modify Headers for Chrome to ease on the reproduction

Comment by Andrei Komarov [ 24/Jul/18 ]

This can work since version 5.8.0 (RTFACT-12320) with internal groups.

However there is a pre-condition for this: an LDAP user must do a login to have the group associated with the user.

The full resolution would be done with: RTFACT-16532

Generated at Tue Sep 22 13:51:29 UTC 2020 using Jira 8.5.3#805003-sha1:b4933e02eaff29a49114274fe59e1f99d9d963d7.