
GroupClaimName not used to map user to team #19555

Closed
Morriz opened this issue Apr 29, 2022 · 4 comments · Fixed by #21441
Labels
type/feature Completely new functionality. Can only be merged if feature freeze is not active.

Comments

@Morriz

Morriz commented Apr 29, 2022

Description

Hi, I consider this a bug, but you decide:

According to this merged PR, https://github.com/go-gitea/gitea/pull/16766/files#diff-190f875ffe99e881bafbd2fae54d5099c9d52bf13bd7c9a3ba434323e82078af, it would now be possible to map the content of an OIDC claim to teams, so that setting GroupClaimName to "groups" and seeing a JWT with a "groups" claim containing ["bla"] would try to add the user to team bla if it exists.

The adminGroup is correctly identified, so the parts are already working I think.

Gitea Version

1.16.6

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

helm chart with image running version mentioned above.

Database

PostgreSQL

@Morriz (Author)

Morriz commented Apr 29, 2022

reference post from @zeripath: #10016 (comment)

@zeripath (Contributor)

It never promised to do this.

@Morriz (Author)

Morriz commented Apr 29, 2022

Ah, to me it gave that impression when I saw those options. Would it be hard to map the groups claim to teams? Should this be converted into a feature request then?

@KN4CK3R (Member)

KN4CK3R commented Oct 13, 2022

Implemented this in #21441, please test it.

@KN4CK3R KN4CK3R added the type/feature Completely new functionality. Can only be merged if feature freeze is not active. label Oct 13, 2022
lunny added a commit that referenced this issue Feb 8, 2023
Fixes #19555

Test-Instructions:
#21441 (comment)

This PR implements the mapping of user groups provided by OIDC providers
to orgs teams in Gitea. The main part is a refactoring of the existing
LDAP code to make it usable from different providers.

Refactorings:
- Moved the router auth code from module to service because of import
cycles
- Changed some model methods to take a `Context` parameter
- Moved the mapping code from LDAP to a common location

I've tested it with Keycloak but other providers should work too. The
JSON mapping format is the same as for LDAP.
![grafik](https://user-images.githubusercontent.com/1666336/195634392-3fc540fc-b229-4649-99ac-91ae8e19df2d.png)

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
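As an added illustration of the claim-to-team mapping requested in this issue (example code, not Gitea's own implementation): the claim named by the GroupClaimName setting is read from an already signature-verified ID token and resolved against an admin-supplied team map. The TeamMap shape (group -> organisation -> teams) is assumed to follow the LDAP team map JSON the commit message refers to; type and function names here are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Claims is a decoded JWT payload; its signature is assumed to have been
// verified by the OIDC client library before this code runs.
type Claims map[string]any

// TeamMap: claim group -> organisation -> teams. Assumed to mirror the
// LDAP team map JSON shape; this is not Gitea's own type.
type TeamMap map[string]map[string][]string
type Membership struct{ Org, Team string }

// GroupsFromClaims returns the groups under claim groupClaimName (the
// GroupClaimName setting); providers emit a JSON array or a single string.
func GroupsFromClaims(c Claims, groupClaimName string) []string {
	var groups []string
	switch v := c[groupClaimName].(type) {
	case string:
		groups = append(groups, v)
	case []any:
		for _, g := range v {
			if s, ok := g.(string); ok {
				groups = append(groups, s)
			}
		}
	}
	return groups
}

// ResolveTeams maps claim groups to memberships. Groups absent from tm are
// ignored, so the provider cannot grant a team the admin did not list.
func ResolveTeams(c Claims, groupClaimName string, tm TeamMap) []Membership {
	var out []Membership
	for _, g := range GroupsFromClaims(c, groupClaimName) {
		for org, teams := range tm[g] {
			for _, t := range teams {
				out = append(out, Membership{org, t})
			}
		}
	}
	return out
}

func main() {
	// Constructed token payload: the user is in groups "bla" and "other".
	var c Claims
	_ = json.Unmarshal([]byte(`{"sub":"u1","groups":["bla","other"]}`), &c)
	fmt.Println(ResolveTeams(c, "groups", TeamMap{"bla": {"myorg": {"bla"}}}))
}
```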
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023