Open jalogisch opened 7 years ago
The following PR adds that: https://github.com/Graylog2/graylog-plugin-auth-sso/pull/33
@jalogisch While this implements LDAP user sync on SSO login, it doesn't implement a separation of authn and authz. It only solves the problem for two specific authn/authz methods. So it's more like a workaround until we split the two.
Hi guys,
Any news regarding this? When will this be implemented? This is a nice thing to have. Thank you.
Expected Behavior
Be able to have one Plugin configured for authentication (authn) and another for authorization (authz).
Current Behavior
Authn and authz are bound into one subsystem.
Only with LDAP authentication and the group-role mapping it is possible to have the lookup for authentication and the lookup for authorization together.
Possible Solution
Split authentication and authorization into two different sections and combine them to the customer login and authorization model.
That will be more complex but gives the ability to work around the different security models that are used with Graylog.
Context
When using SSO for authentication you are not able to use a proper authorization. Currently the only option would be to build a custom plugin that holds the authn part and the authz part and combines them.