Details
Enhancement
Status: Resolved
Major
Resolution: Fixed
21.0.5, Meridian-2016.1.11, Meridian-2017.1.6
Security Level: Default (Default Security Scheme)
Horizon - April 4th 2018, Horizon - April 11th 2018
Description
Currently, when using LDAP/AD through Spring Security, a custom class that is part of our code base (UserGroupLdapAuthoritiesPopulator) is used to map LDAP groups from the authenticated user to OpenNMS security roles.
Now, if there are no matches, no roles will be assigned to the authenticated user, and you'll see a horrible "Access Denied".
Maybe the original intention was exactly that, but there are situations in which you want to assign a default OpenNMS security role, because there is no common group in Active Directory/LDAP that all the users can use in order to have the same functionality. This is even more critical when using Single Sign-On.
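
The requested behaviour, sketched as an added, dependency-free example; it is not the OpenNMS implementation or its fix. The class name `DefaultRoleMapper`, the group names and the role names are assumptions made for illustration. It applies the default roles only when no group matched and refuses an administrative default, since a fallback role is granted to every directory account that can authenticate.

```java
import java.util.*;

// Added illustration; not OpenNMS code. Class, group and role names are assumptions.
public class DefaultRoleMapper {
    private final Map<String, Set<String>> groupToRoles = new HashMap<>();
    private final Set<String> defaultRoles;

    public DefaultRoleMapper(Map<String, Set<String>> mapping, Set<String> defaultRoles) {
        // Directory group names are typically compared case-insensitively; normalise keys once.
        mapping.forEach((g, r) -> groupToRoles.put(g.toLowerCase(Locale.ROOT), Set.copyOf(r)));
        // Guard: the fallback reaches every account that authenticates without a
        // mapped group, so it must never carry an administrative role.
        if (defaultRoles.contains("ROLE_ADMIN")) {
            throw new IllegalArgumentException("default role must not be administrative");
        }
        // An empty set keeps the original behaviour: no match means no roles.
        this.defaultRoles = Set.copyOf(defaultRoles);
    }

    public Set<String> rolesFor(String username, Collection<String> ldapGroups) {
        Set<String> roles = new TreeSet<>();
        for (String group : ldapGroups) {
            roles.addAll(groupToRoles.getOrDefault(group.toLowerCase(Locale.ROOT), Set.of()));
        }
        if (roles.isEmpty()) {
            // The fallback applies only when nothing matched; log it so it can be audited.
            System.err.println("no group match for " + username
                    + ", applying default roles " + defaultRoles);
            roles.addAll(defaultRoles);
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample mapping and users.
        DefaultRoleMapper mapper = new DefaultRoleMapper(
                Map.of("opennms-admins", Set.of("ROLE_ADMIN", "ROLE_USER"),
                       "noc-operators", Set.of("ROLE_USER")),
                Set.of("ROLE_READONLY"));
        System.out.println(mapper.rolesFor("alice", List.of("OpenNMS-Admins"))); // mapped group
        System.out.println(mapper.rolesFor("bob", List.of("hr-staff")));         // unmapped group
        System.out.println(mapper.rolesFor("carol", List.of()));                 // no groups at all
    }
}
```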