Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support display_groups and display_users #290

Open
gdestuynder opened this issue May 7, 2018 · 0 comments
Open

Support display_groups and display_users #290

gdestuynder opened this issue May 7, 2018 · 0 comments

Comments

@gdestuynder
Copy link
Contributor

gdestuynder commented May 7, 2018
edited by ghost
Loading

ie:

- application: ....
  authorized_groups: [xxx]
  display_groups: [yyy]

In this situation, the tile will be displayed to yyy, but xxx will have access. This is useful for certain use cases where it's difficult to match access with display due to RP shortcomings.

In general, you'd set this up to have display_groups be a known-possible-subset of authorized_groups (including authorized_groups: [everyone]) for this setup to make sense.

This also solves the "egencia" RP use case a little better, i.e. RPs with the same client id, but different login URLs, where the URL depends on which group you're in for other purposes than access control

NOTE: This also means that authorized_groups and authorized_users are still used for display IF display_groups and display_users are null or not present, as fallback.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gdestuynder