Bug 55787 – Saml serviceprovider groups should evaluate nested group memberships

Bug 55787 - Saml serviceprovider groups should evaluate nested group memberships


Summary:	Saml serviceprovider groups should evaluate nested group memberships

Status:	RESOLVED DUPLICATE of bug 55770

Product:	UCS
Classification:	Unclassified
Component:	Keycloak
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:	55085
Blocks:
	Show dependency tree / graph

Reported:	2023-03-06 13:41 CET by Stefan Gohmann
Modified:	2023-03-07 14:30 CET (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.046
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2023022721000453
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Gohmann

2023-03-06 13:41:35 CET

The same feature is missing in Keycloak.

+++ This bug was initially created as a clone of Bug #55085 +++

With UCS 4 it was possible recursively allow access to a service provider.

e.g.:
- UserA is member of GroupB
- GroupB is member of GroupA
- GroupA is allowed to use ServiceproviderA

As UserA is recursively member of GroupA, he was allowed to accerss ServiceProviderA


With UCS 5, Groups in Groups like this scenario doesn't work anymore. Only direct memberships are working.

Comment 1 Arvid Requate

2023-03-07 14:30:50 CET


*** This bug has been marked as a duplicate of bug 55770 ***