authd
Feature: Filter Entra ID groups
Is there an existing request for this feature?
- [X] I have searched the existing issues and found none that matched mine
Describe the feature
Provide a recommended method for filtering Entra ID groups: https://github.com/ubuntu/authd/issues/431#issuecomment-2250379157
Describe the ideal solution
Currently, any group my Entra ID User is a member of gets pulled and added to the list of groups the account belongs to. Provide a recommendation on a supported method to omit / skip / filter groups, since the only groups I typically want to apply will come with the "linux-" prefix.
Alternatives and current workarounds
No response
System information and logs
Environment
- broker version: please run snap info authd-msentraid
snap info authd-msentraid
name: authd-msentraid
summary: MSEntra ID broker for authd
publisher: Canonical✓
store-url: https://snapcraft.io/authd-msentraid
license: GPL-3.0
description: |
  This is the MS Entra ID broker snap for authd to provide MS Entra ID OIDC based authentication on
  Ubuntu with authd.
services:
  authd-msentraid: simple, enabled, active
snap-id: vS3oJLMss6lgWwoFcPqYDUA2HB20I1Dc
tracking: 0.x/edge
refresh-date: today at 06:13 PDT
channels:
  0.x/stable: 0.1 2024-07-18 (10) 17MB -
  0.x/candidate: ↑
  0.x/beta: ↑
  0.x/edge: 0.1 2024-07-25 (25) 17MB -
installed: 0.1 (25) 17MB -
- authd version: please run /usr/libexec/authd version
/usr/libexec/authd version
authd 0.3.1~ppa4
- gnome shell version: please run apt policy gnome-shell
apt policy gnome-shell
gnome-shell:
  Installed: 46.3.1-1ubuntu1~24.04.1
  Candidate: 46.3.1-1ubuntu1~24.04.1
  Version table:
 *** 46.3.1-1ubuntu1~24.04.1 500
        500 https://ppa.launchpadcontent.net/ubuntu-enterprise-desktop/authd/ubuntu noble/main amd64 Packages
        100 /var/lib/dpkg/status
     46.0-0ubuntu6~24.04.1 500 (phased 0%)
        500 http://us.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
     46.0-0ubuntu5.1 500
        500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
     46.0-0ubuntu5 500
        500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
- Distribution: (NAME in /etc/os-release) NAME="Ubuntu"
- Distribution version: (VERSION_ID on /etc/os-release): VERSION_ID="24.04"
Log files
Please redact/remove sensitive information:
Authd entries:
journalctl -u authd.service
MS Entra ID broker entries:
journalctl -u snap.authd-msentraid.authd-msentraid.service
Application settings
Please redact/remove sensitive information:
Broker configuration:
cat /var/snap/authd-msentraid/current/broker.conf
[oidc]
issuer = https://login.microsoftonline.com/<ISSUER_ID>/v2.0
client_id = <CLIENT_ID>
[users]
# The directory where the home directory will be created for new users.
# Existing users will keep their current directory.
# The user home directory will be created in the format of {home_base_dir}/{username}
home_base_dir = /home
# The username suffixes that are allowed to login via ssh without existing previously in the system.
# The suffixes must be separated by commas.
# ssh_allowed_suffixes = @example.com,@anotherexample.com
Broker authd configuration:
cat /etc/authd/brokers.d/msentraid.conf
# This section is used by authd to identify and communicate with the broker.
# It should not be edited.
[authd]
name = Microsoft Entra ID
brand_icon = /snap/authd-msentraid/current/broker_icon.png
dbus_name = com.ubuntu.authd.MSEntraID
dbus_object = /com/ubuntu/authd/MSEntraID
Relevant information
No response
Double check your logs
- [X] I have redacted any sensitive information from the logs