  1. OpenIDM
  2. OPENIDM-13301

Investigation: run as authentication with users that have delegated admin based roles

    Details

      Description

      The related Jira bug was created because when performing operations with a run as user that has delegated admin roles, those roles are not being applied.

      The goal in this story is to investigate the amount of Delegated Admin support that was provided in the run as module wrapper, if any, and devise a plan for the work that will need to be done in order to support this.

      Results:

      • RunAsModuleWrapper needs to preserve the calculated roles in the AttributesContext "authzRoles"
      • RunAsModuleWrapper needs to set the queryId to that of the runAsProperties queryId
      • IDMAuthModuleWrapper should use the principalName for the resource query if enableDynamicRoles is set, the moduleId is INTERNAL_USER, and the principalName does not equal the authorizationAuthenticationId. This is in order to query the resource for the runAs user instead of attempting to query openidm_admin.

              People

              • Assignee:
                katie.gonzalez Katie Gonzalez
                Reporter:
                katie.gonzalez Katie Gonzalez