search

solo-io / gloo

The Feature-rich, Kubernetes-native, Next-Generation API Gateway Built on Envoy
https://docs.solo.io/
Apache License 2.0
4.06k stars 433 forks source link

LDAP Plugin doesn't pass the group information back #8324

Open AkshayAdsul opened 1 year ago

AkshayAdsul commented 1 year ago

Version

1.13.x

Is your feature request related to a problem? Please describe.

We may have missed a minor functionality from https://github.com/solo-io/gloo/issues/6367. Currently we are NOT passing the group information back in the request for a subsequent OPA filter to authorise the request further.

Describe the solution you'd like

LDAP group info to be passed down the chain for further processing. Example if in subsequent processing there is an OPA plugin to write authorization policies. These policies require group information from authentication plugin i.e. the ldap plugin.

Describe alternatives you've considered

No response

Additional Context

Please refer https://solo-io.zendesk.com/agent/tickets/2066 Looking at the implementation https://github.com/solo-io/ext-auth-service/blob/master/pkg/config/ldap/auth_service.go#L236 we don't pass the LDAP group information.

github-actions[bot] commented 2 months ago

This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.

soloio-bot commented 4 days ago

Zendesk ticket #2066 has been linked to this issue.