Use JSONPath to map OpenIDConnect claims to roles and org name #18
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pmauduit
reviewed
Apr 29, 2022
.../java/org/georchestra/gateway/security/oauth2/OAuth2AuthenticationTokenOpenIDUserMapper.java
Outdated
Show resolved
Hide resolved
pmauduit
approved these changes
Apr 29, 2022
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
groldan
force-pushed
the
feature/oidc_non_standard_claims_mapping_to_roles
branch
5 times, most recently
from
f2cf1c9 to
03cdd61
Compare
Regardless of the authorization source (LDAP, OAuth2, OIDC), user credentials are mapped to GeorchestraUser, from which the sec-* headers will later on be constructed and conveyed to the back-end georchestra services. This patch allows to extract the roles and organization short name from OpenIDConnect standard or non-standard claims, using a JSONPath expression.
groldan
force-pushed
the
feature/oidc_non_standard_claims_mapping_to_roles
branch
from
03cdd61 to
e3accf8
Compare
groldan
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Use JSONPath to map OpenIDConnect claims to roles and org name
Regardless of the authorization source (LDAP, OAuth2, OIDC),
user credentials are mapped to GeorchestraUser, from which
the
sec-*headers will later on be constructed and conveyedto the back-end georchestra services.
This patch allows to extract the roles and organization
short name from OpenIDConnect standard or non-standard
claims, using a JSONPath expression.