Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9937

Refactor UserGroupLdapAuthoritiesPopulator to provide a default role.

    Details

    • Sprint:
      Horizon - April 4th 2018, Horizon - April 11th 2018

      Description

      Currently, when using LDAP/AD through Spring Security, this custom class that is part of our code base (a.k.a. UserGroupLdapAuthoritiesPopulator), is used to map LDAP groups from the authenticated user to OpenNMS Security Roles.

      Now, if there are no matches, no roles will be assigned to the authenticated user, and you'll see a horrible "Access Denied".

      Maybe the original intention was exactly that, but there are situations, on which you want to assign a default OpenNMS security role, because there is no common group in ActiveDirectory/LDAP that all the users can use in order to have the same functionality; which is even more critical when using Single Sign On.

        Attachments

          Activity

            People

            • Assignee:
              fooker Dustin Frisch
              Reporter:
              agalue Alejandro Galue
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: