Replies: 2 comments
-
The current implementation only adds the current user to the identity provider (because it uses the token of the current user and takes the user to be the only available user with its groups on request). So if you want to get more, you will need a real connection to the IDP (like Keycloak or Azure AD) instead of just reading the current user from the token. What IDP are you using? In a different project I implemented a lookup for users from the Azure Graph API or from Keycloak to get all users having some privileges. Technically, you'll need to implement a userDetailService for this ... Does it help?
-
Currently I have managed to implement OAuth for the existing user, and as per the
JWT token I am extracting claims for it, but the issue is that all users are being
given admin access.
The concern is to allow all authorized users (which will be done by the OAuth server)
but only give read-only permission.
Thanks
Satish waybhase
On Wed, Jul 17, 2024 at 17:33 Simon Zambrovski wrote:
The current implementation only adds the current user to the identity
provider (because it uses the token of the current user and takes the user
to be the only available user with its groups on request). So if you
want to get more, you will need a real connection to the IDP (like Keycloak
or Azure AD) instead of just reading the current user from the token. What
IDP are you using?
In a different project I implemented a lookup for users from the Azure Graph
API or from Keycloak to get all users having some privileges.
Technically, you'll need to implement a userDetailService for this ...
Does it help?
-
After implementing SSO, now for all the users who have been authenticated successfully I need to give only read-only permission under this role. Is there anything specific I need to do to give only READ ONLY permission?
I am getting the "camunda-Readonly" role from SSO, which is reflected in authorization.
I also see the group authorization,
but I don't see the logged-in user tied to this read-only role group, and it has all admin privileges by default.
IS THERE A WAY TO ADD ALL LOGGED-IN USERS TO THIS webApprole/camunda-ReadOnly role and give only read-only access to users logged in via SSO?
@zambrovski