
Manually entered Groups names in ADFS Auth Provider does not work

Open nwmac opened this issue 3 years ago • 5 comments

Internal Reference: SURE-5789

Connected Rancher server to ADFS for authentication. When we try to restrict which groups are allowed to log in and enter the Distinguished Name manually in the field, it does not work.

When we select it from the DropDown List everything is fine.

nwmac avatar Mar 07 '23 11:03 nwmac

First step: Reproduce the issue and document how to set up the environment for reproducing.

nwmac avatar Mar 07 '23 11:03 nwmac

I was able to reproduce this with Keycloak SAML.

The issue is that when you start typing a name, you're not searching, you're specifying a new name and hence we assume it is a user.

When you click the drop-down, we show you a group - I think we only have access to the group for the current user, so we show that.

Screen Recording 2023-03-08 at 18 07 04

The issue is that SAML does not allow you to search. We need to re-think the UX and be clearer to the user.

I don't think showing the groups in the dropdown is useful.

nwmac avatar Mar 08 '23 18:03 nwmac

In terms of the groups shown when clicking the drop-down, if it works the same way as GH you're correct. The groups shown are those returned when we request principals ... which are the ones the user is a member of.

richard-cox avatar Jul 03 '23 10:07 richard-cox

Backend issue: https://github.com/rancher/rancher/issues/44441

nwmac avatar Feb 13 '24 16:02 nwmac

@nwmac do we need to update JIRA (SURE-5789) about this issue? Is it blocked by backend?

aalves08 avatar Mar 05 '24 14:03 aalves08