Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update user membership on login #134

Open
2 tasks done
SailReal opened this issue Aug 30, 2022 · 0 comments
Open
2 tasks done

Update user membership on login #134

SailReal opened this issue Aug 30, 2022 · 0 comments
Labels
type:feature-request New feature or request

Comments

@SailReal
Copy link
Member

Please agree to the following

Summary

Update user membership on login

Motivation

Users and groups are synced in regular intervals with Keycloak. If a user is removed within this interval from the group, in Hub they are still part of the group.

To mitigate such security relevant issues, the user group membership should be synced on every login.

Considered Alternatives

No response

Anything else?

The problem currently is, that the claim of the Keycloak group mapper can only contain the path and or name of the group, not the ID. Updating group memberships based on the path isn't a good idea. We need to wait until group IDs can be added to the claim.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type:feature-request New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@SailReal