connector/saml: add 'FilterGroups' setting

This should make AllowedGroups equivalent to an LDAP group filter:

When set to true, only the groups from AllowedGroups will be included in the
user's identity.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
Stephan Renatus
2020-05-11 11:42:26 +02:00
parent d87cf1c924
commit 4a0feaf589
3 changed files with 34 additions and 0 deletions

@@ -18,6 +18,8 @@ The connector doesn't support signed AuthnRequests or encrypted attributes.
The SAML Connector supports providing a whitelist of SAML Groups to filter access based on, and when the `groupsattr` is set with a scope including groups, Dex will check for membership based on configured groups in the `allowedGroups` config setting for the SAML connector.
If `filterGroups` is set to true, any groups _not_ part of `allowedGroups` will be excluded.
## Configuration
```yaml
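Review bot: The added `filterGroups` sentence says groups not in `allowedGroups` "will be excluded" but does not say from what, and it documents neither the default nor what happens when `filterGroups` is true and `allowedGroups` is empty. Suggest reusing the commit message's wording (only the groups from `allowedGroups` are included in the user's identity), stating the default, and spelling out the empty-list case, since clients that authorize on the groups claim depend on it. It would also help to say that with the setting off, a user admitted through one allowed group keeps all of their other SAML groups, because that is the behaviour readers need to compare against. A blank line between this sentence and the `## Configuration` heading would keep the Markdown rendering unambiguous if one is not already there.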