Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
ProGet SAML group claims
-
Hi, I'm just wondering what the status is on supporting group claims from a SAML auth connection.
Is this available in 2022 or is it still in the works ?
-
Hi @jblaine_9526 ,
I can't find anything about SAML group claims on our internal roadmap... is there a ticket/forum post about it that I missed?
Cheers,
Alana
-
Nope, that's my bad.
I was just going off of the documentation here: https://docs.inedo.com/docs/various-saml-overview?highlight=saml
under the Technical Limitations section that says:
"At this time, role-based permissions are not automatically resolved from the identity provider, and must be configured within the Inedo product itself under the associated directory provider, and may require adding users to groups in the Inedo product for granular permissions"I just assumed that this was on the roadmap to be done since it was listed on the documentation.
Sorry about that....
That being said, being able to use SAML group/role claims would be wonderful! :)
-
@jblaine_9526 Thanks for clarifying!
I think SAML integration is one of those "write-once" things, where we completely forget about how it works every time
I'm not so familiar with SAML behind the scenes... do you know how "SAML group claims" work? For example...
- Is it something that comes back in the XML response, or does it require a separate request?
- What do the "group claims" look like? Like a list of human-readable group names?
And them most importantly... what should ProGet do with such claims upon receipt? Treat the user as if they're in the group (kind of like LDAP groups), and allow permissions to be assigned against that group (like LDAp, but without searching)?
