Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Refactor UserGroupLdapAuthoritiesPopulator to provide a default role.

Description

Currently, when using LDAP/AD through Spring Security, this custom class that is part of our code base (a.k.a. UserGroupLdapAuthoritiesPopulator), is used to map LDAP groups from the authenticated user to OpenNMS Security Roles.

Now, if there are no matches, no roles will be assigned to the authenticated user, and you'll see a horrible "Access Denied".

Maybe the original intention was exactly that, but there are situations, on which you want to assign a default OpenNMS security role, because there is no common group in ActiveDirectory/LDAP that all the users can use in order to have the same functionality; which is even more critical when using Single Sign On.

Acceptance / Success Criteria

None

Lucidchart Diagrams

Activity

Show:

David Hustace July 26, 2018 at 1:18 PM

Nice work on this. Thanks AG and DF!

Alejandro Galue April 18, 2018 at 12:33 PM

The PR has been merged.

fooker April 10, 2018 at 2:15 PM

Fixed

Details

Assignee

Reporter

Labels

Components

Sprint

Fix versions

Affects versions

Priority

PagerDuty

Created March 27, 2018 at 7:08 PM
Updated July 26, 2018 at 1:18 PM
Resolved April 18, 2018 at 12:33 PM