Closed groldan closed 2 years ago
groldan
commented
2 years ago hey @pmauduit don't rush it out, it's WIP yet, we still need a configuration mechanism for how to generically indicate how to extract roles from non standard claims, tests, etc
pmauduit
commented
2 years ago hey @pmauduit don't rush it out, it's WIP yet, we still need a configuration mechanism for how to generically indicate how to extract roles from non standard claims, tests, etc
sorry for the early review :P
Use JSONPath to map OpenIDConnect claims to roles and org name
Regardless of the authorization source (LDAP, OAuth2, OIDC), user credentials are mapped to GeorchestraUser, from which the
sec-*headers will later on be constructed and conveyed to the back-end georchestra services.This patch allows to extract the roles and organization short name from OpenIDConnect standard or non-standard claims, using a JSONPath expression.