OpenIDM / OPENIDM-16040

Add support for augmentSecurityContext script in rsfilter configuration

    Details

    • Type: Story
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.1
    • Fix Version/s: 7.1.0
    • Component/s: Module - Authorization

      Description

      The privileges necessary to support the org model will be assigned to users on the basis of their adminOfOrg and ownerOfOrg relationships. This means:

      1. The augmentSecurityContext must be invoked from the rs filter. It should be invoked regardless of how a "user" was authenticated, and even in the case when user-authentication by all configured means failed.
      2. The HTTP Request object should be bound in script scope as it is in the traditional CAF-based augmentation invocation.
      3. The augmentation script should have access to the oauth2 token introspection result. This may be achieved by verifying that context.oauth2.rawInfo resolves properly beneath the context script binding, or we may possibly need to add an additional script binding to facilitate this.
      4. The user resource that matched the subject mapping should be bound in script context as resource.
      5. The config surface must be enhanced to specify 'other fields' in the user to be queried in order to provide additional non-returned-by-default fields for consideration by security context augmentation. This field will be an array of fields. Specifically, for the org model, it will consist of the adminOfOrg and ownerOfOrg relationship fields.

            People

            Assignee:
            dhogan Dirk Hogan
            Reporter:
            dhogan Dirk Hogan