Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SAML authenticated - no role in administration #106

Open
jbouzekri opened this issue Oct 4, 2020 · 5 comments
Open

SAML authenticated - no role in administration #106

jbouzekri opened this issue Oct 4, 2020 · 5 comments

Comments

@jbouzekri
Copy link

The URL /pentaho/api/ldap/config/getAttributeValues returns a 404 if I am authenticated as Administrator using information from SAML with saml.role.related.user.attribute.name. So I am unable to add new roles.

Screenshot from 2020-10-04 13-19-50
@jbouzekri
Copy link
Author

However it seems that ajax calls to populate the page are done correctly :

Screenshot from 2020-10-04 13-41-28

@jbouzekri
Copy link
Author

It seems it is hardcoded in the platform role admin controler that it is not working with something else than super or jackrabbit :

https://github.com/pentaho/pentaho-platform/blob/cc19879b6b44d3f13e581b014f1514f1640ae37e/user-console/src/main/java/org/pentaho/mantle/client/admin/UserRolesAdminPanelController.java#L474

private void processLDAPOrJDBCmode() {
    final String url = GWT.getHostPageBaseURL() + "api/system/authentication-provider";
    RequestBuilder executableTypesRequestBuilder = new RequestBuilder( RequestBuilder.GET, url );
    executableTypesRequestBuilder.setHeader( "If-Modified-Since", "01 Jan 1970 00:00:00 GMT" );
    executableTypesRequestBuilder.setHeader( "accept", "application/json" );
    try {
      executableTypesRequestBuilder.sendRequest( null, new RequestCallback() {

        public void onError( Request request, Throwable exception ) {
        }

        public void onResponseReceived( Request request, Response response ) {
          String resText = response.getText();
          usingPentahoSecurity = resText.contains( "\"jackrabbit\"" ) || resText.contains( "\"super\"" );
          userRolePermissions( usingPentahoSecurity );
        }
      } );
    } catch ( RequestException e ) {
      userRolePermissions( false );
    }
  }

@lukasged
Copy link

lukasged commented Apr 6, 2021

We're facing the same issue in my team using Pentaho version 9.1.0.0 . We enable the SAML plugin's authorization provider by setting authorization.provider=saml and also the saml.role.related.user.attribute.name option with its corresponding value in our system. We can successfully login to the User Console with Administrator rights but the list of available roles in the Administration console is empty, and doesn't let us add new roles manually.

Did you manage to solve this issue @jbouzekri ?

Has anybody else found a solution to this?

@lukasged lukasged mentioned this issue Apr 6, 2021
Open
@jbouzekri
Copy link
Author

@lukasged : I did not delve deeper into this issue as I assumed it is linked to the hardcoded values in the UserRolesAdminPanelController. I am going to subscribe to notification on pentaho/pentaho-platform#4841 to be aware of any change made by the core team.

@lukasged
Copy link

lukasged commented Apr 7, 2021

@lukasged : I did not delve deeper into this issue as I assumed it is linked to the hardcoded values in the UserRolesAdminPanelController. I am going to subscribe to notification on pentaho/pentaho-platform#4841 to be aware of any change made by the core team.

Thanks for coming back to this issue @jbouzekri . Let's see if we get further info into this 🤞

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jbouzekri @lukasged