[RTFACT-20095] Improve SAML groups claim integration with AzureAD SAML

Created: 11/Sep/19
Updated: 20/Sep/19

Status: Open
Project: Artifactory Binary Repository
Component/s: SAML SSO
Affects Version/s: 6.8.11, 6.10.2
Fix Version/s: None

Type: Improvement
Priority: High
Reporter: Charles Lambert
Assignee: Unassigned
Resolution: Unresolved
Votes: 4
Labels: artifactory, security
Environment: JFrog artifactory SaaS


 Description   

Azure Active Directory limits the number of groups it will emit in a token to 150 for SAML assertions, and 200 for JWT to prevent tokens getting too large. If a user is a member of a larger number of groups than the limit, the groups are emitted and a link to the Graph endpoint to obtain group information.

This request is to improve the current SAML SSO integration to allow Artifactory to consume the graph endpoint. In large organizations, SAML tokens can exceed HTTP header limits, which can lead to unpredictable results. Thus, Azure will emit a graph group claim to allow the app (Artifactory) to query all groups the user belongs to.



 Comments   
Comment by Chris Denneen [ 16/Sep/19 ]

Yes, need a way to parse the graph link for group information.
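A sketch of the service-provider side of the overage case described in this ticket, added here as an example; it is not Artifactory code and not part of the ticket. It assumes the assertion's signature has already been verified by the SAML stack, uses the claim names Microsoft documents for Azure AD (not given on this page), and the sample assertions, host allowlist and placeholder IDs are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim names as documented by Microsoft for Azure AD; they are not given on this page.
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GROUPS_LINK = "http://schemas.microsoft.com/claims/groups.link"
# Assumption: the only hosts the service provider should ever query for groups.
GRAPH_HOSTS = {"graph.windows.net", "graph.microsoft.com"}

def attributes(assertion_xml):
    """Map each SAML Attribute Name to its list of AttributeValue strings."""
    root = ET.fromstring(assertion_xml)
    out = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        out.setdefault(attr.get("Name"), []).extend(values)
    return out

def resolve_groups(assertion_xml):
    """Return ("inline", groups) or ("overage", url) for a signature-verified assertion."""
    attrs = attributes(assertion_xml)
    if attrs.get(GROUPS):
        return "inline", sorted(set(attrs[GROUPS]))
    links = attrs.get(GROUPS_LINK, [])
    if not links:
        return "inline", []  # no groups claim and no overage link
    if len(links) != 1:
        raise ValueError("expected exactly one groups.link value")
    url = urlsplit(links[0])
    # Refuse to follow a link that is not HTTPS to a known Graph host (SSRF guard).
    if url.scheme != "https" or url.hostname not in GRAPH_HOSTS or url.username:
        raise ValueError("untrusted groups.link target: %r" % links[0])
    return "overage", links[0]

def sample_assertion(name, values):
    """Build a constructed, unsigned AttributeStatement for the demo inputs."""
    vals = "".join("<saml:AttributeValue>%s</saml:AttributeValue>" % v for v in values)
    return ('<saml:Assertion xmlns:saml="%s"><saml:AttributeStatement>'
            '<saml:Attribute Name="%s">%s</saml:Attribute>'
            '</saml:AttributeStatement></saml:Assertion>' % (NS["saml"], name, vals))

# Constructed sample inputs (placeholder tenant, user and group IDs).
INLINE = sample_assertion(GROUPS, ["group-id-b", "group-id-a"])
OVERAGE = sample_assertion(
    GROUPS_LINK, ["https://graph.windows.net/TENANT_ID/users/USER_ID/getMemberObjects"])
SPOOFED = sample_assertion(GROUPS_LINK, ["https://graph.windows.net.example.test/x"])

if __name__ == "__main__":
    print(resolve_groups(INLINE), resolve_groups(OVERAGE))
```

When the result is "overage", the caller would query the returned URL with its own application credentials and map the returned group IDs to local groups; that network step is left out here.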
