dex icon indicating copy to clipboard operation
dex copied to clipboard
verified publisher icon dexidp

Add configuration options to modify group names in oidc connector

Open thenodon opened this issue 4 months ago • 0 comments

Overview

This PR add functionality to the oidc connector to transform groups claims in the following way:

  • apply a regex expression to each group that matches, and replace it with a replacement string
  • enable to set the group name to lower or upper case, default is no change

What this PR does / why we need it

This is controlled by two new optional fields in the oidc connector config claimModifications.modifyGroupNames using the following structure:

      claimModifications:
        modifyGroupNames:
          rewriteRegex: "\\."  # regex to match
          rewriteReplacement: "_"  # replacement string
          caseConversion: "lower"

Background to this PR is that the group names provided by the OIDC is used in the client application for RBAC and in my case the application does not allow roles with dots in the name or upper case letters.

thenodon avatar Sep 14 '25 15:09 thenodon