Bug 55787 - Saml serviceprovider groups should evaluate nested group memberships
Summary: Saml serviceprovider groups should evaluate nested group memberships
Status: RESOLVED DUPLICATE of bug 55770
Alias: None
Product: UCS
Classification: Unclassified
Component: Keycloak
Version: UCS 5.0
Hardware: Other Linux
: P5 normal
Target Milestone: ---
Assignee: UCS maintainers
QA Contact: UCS maintainers
URL:
Keywords:
Depends on: 55085
Blocks:
  Show dependency treegraph
 
Reported: 2023-03-06 13:41 CET by Stefan Gohmann
Modified: 2023-03-07 14:30 CET (History)
3 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2023022721000453
Bug group (optional):
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2023-03-06 13:41:35 CET 
The same feature is missing in Keycloak.

+++ This bug was initially created as a clone of Bug #55085 +++

With UCS 4 it was possible recursively allow access to a service provider.

e.g.:
- UserA is member of GroupB
- GroupB is member of GroupA
- GroupA is allowed to use ServiceproviderA

As UserA is recursively member of GroupA, he was allowed to accerss ServiceProviderA


With UCS 5, Groups in Groups like this scenario doesn't work anymore. Only direct memberships are working.
Comment 1 Arvid Requate univentionstaff 2023-03-07 14:30:50 CET 

*** This bug has been marked as a duplicate of bug 55770 ***