Uploaded image for project: 'translate5'
  1. translate5
  2. TRANSLATE-2585

Evaluate auto_set_role acl for OpenID authentications

    XMLWordPrintable

Details

    • Critical
    • All missing mandatory translate roles for users authentication via SSO will be automatically added.

    Description

      Problem

      The evaluation for the required user roles via acl (auto_set_role) is missing when OpenID user is created/updated. This leads to a "unable to authenticate" problem if such auto_set_role (ex: editor) is not provided from the SSO provider. 

      Example when this can happen:

      1. User is authenticated in translate5 via SSO
      2. The roles for this user returned from the SSO provider are: admin,pm
      3. The valid roles for the domain/customer (definable in the customers panel) are editor,admin,pm
      4. translate5 will set admin,pm as valid roles for the user, and it will try to authenticate internally
      5. since editor role is missing from the user roles, and the editor role is must-have role when the user has admin or pm role, translate5 will not allow this user to be authenticated.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. TRANSLATE-1552 Auto set needed ACL roles

          • Done

          Activity

            People

              aleksandar Aleksandar Mitrev
              aleksandar Aleksandar Mitrev
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: