proxy: Rework oidc role mapper to allow multiple matching roles

If multiple claim values have a valid mapping to ocis roles, we'll pick
the ocis role that appears first in the mapping configuration.
Ralf Haferkamp
2023-04-13 13:40:14 +02:00
committed by Ralf Haferkamp
parent b9dc2baaed
commit 6059747491
7 changed files with 123 additions and 75 deletions


@@ -60,11 +60,11 @@ func DefaultConfig() *config.Config {
// this default is only relevant when Driver is set to "oidc"
OIDCRoleMapper: config.OIDCRoleMapper{
RoleClaim: "roles",
RoleMapping: map[string]string{
"admin": "ocisAdmin",
"spaceadmin": "ocisSpaceAdmin",
"user": "ocisUser",
"guest": "ocisGuest",
RolesMap: []config.RoleMapping{
config.RoleMapping{RoleName: "admin", ClaimValue: "ocisAdmin"},
config.RoleMapping{RoleName: "spaceadmin", ClaimValue: "ocisSpaceAdmin"},
config.RoleMapping{RoleName: "user", ClaimValue: "ocisUser"},
config.RoleMapping{RoleName: "guest", ClaimValue: "ocisGuest"},
},
},
},
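Review bot: The order of the `RolesMap` entries is now security-relevant, and nothing at this default says so. Per the commit description the first entry whose claim value matches wins, so with this default a token carrying both `ocisAdmin` and `ocisGuest` resolves to `admin`, and an operator who reorders or extends the list changes which role such a user receives. I would add a comment above the slice, e.g. `// order matters: if several claim values match, the first entry listed here is assigned`. The element type can also be elided (`{RoleName: "admin", ClaimValue: "ocisAdmin"},`), as `gofmt -s` would do. DefaultConfig starts and ends outside this hunk.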