-
Notifications
You must be signed in to change notification settings - Fork 392
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
reverseProxyAuth: If user has more groups than configured then login fails #2851
Comments
Hi @brunnels |
@EvgeniaBzzz I'm not sure I would want it to create the teams. I just want it to ignore any groups sent in the proxy header that don't exist in the cloudbeaver config. |
Let me ask, what is the purpose of adding additional non-existent groups to the upstream auth? |
@EvgeniaBzzz It's a standard thing. The upstream reverse proxy is backed by ldap. This would automatically send any groups the user is a member of in the |
Ok, thanks for the clarification |
Hey, I struggel with the same issue, but for me it would nice to have the teams automatically created as I filter the forwarded groups already in keycloak. Maybe a configuration like „createUnkownTeams“ would be nice! :) |
@elixxx thanks for your comment, we will try to come up with a solution that will suit everyone |
I had this working well when my user was only a member of 2 groups and I configured the groups in initial-data.conf
When I added an additional group to the user in my upstream auth, causing the reverse proxy auth header to contain more groups, I was no longer able to login and was presented with this in the logs:
Here's my auth config as well
I can resolve the issue by adding the qsync group to my config but I don't believe I should need to do this because cloudbeaver should be able to deal with a user being a member of a group it doesn't know about.
The text was updated successfully, but these errors were encountered: