Indirect Role Assignment is not handled correctly #20
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
When using the attribute provider, one must configure a Match Role for the endpoint. Only users who have that role are considered valid for having their user attribute exported.
This check however only functions correctly when a user is directly assigned to a role. If a user is in a group and that group has the role, the check seems to fail because I observe that my user attribute is not included in the export.
Interestingly, as admin I can see the mailing list address attributes for my user, but logged in as myself, I do not see them. Not sure if this is the same issue, or something else.
@lilly I'll look into that
@stb wrote in #20 (comment):
When you say "I can see": Do you mean via the endpoints-provider api endpoint or the Keycloak UI?
The endpoint works only for a user, that has the configured
Auth Role@kritzl wrote in #20 (comment):
My mistake, the attribute visibility was configured to only show the attribute to admins (which the user stb is not).