You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Users and groups are synced in regular intervals with Keycloak. If a user is removed within this interval from the group, in Hub they are still part of the group.
To mitigate such security relevant issues, the user group membership should be synced on every login.
Considered Alternatives
No response
Anything else?
The problem currently is, that the claim of the Keycloak group mapper can only contain the path and or name of the group, not the ID. Updating group memberships based on the path isn't a good idea. We need to wait until group IDs can be added to the claim.
The text was updated successfully, but these errors were encountered:
Please agree to the following
Summary
Update user membership on login
Motivation
Users and groups are synced in regular intervals with Keycloak. If a user is removed within this interval from the group, in Hub they are still part of the group.
To mitigate such security relevant issues, the user group membership should be synced on every login.
Considered Alternatives
No response
Anything else?
The problem currently is, that the claim of the Keycloak group mapper can only contain the path and or name of the group, not the ID. Updating group memberships based on the path isn't a good idea. We need to wait until group IDs can be added to the claim.
The text was updated successfully, but these errors were encountered: