-
Type:
Improvement
-
Status: Needs Verification (View Workflow)
-
Priority:
Medium
-
Resolution: Unresolved
-
Affects Version/s: 1.5, 2.11.0
-
Fix Version/s: None
-
Component/s: Integration/Connectors
-
Labels:
-
Epic Link:
When a directory is associated with an application in Crowd, all users and groups returned by the scope of the directory configuration are displayed in client applications. We should provide the ability to filter users/groups for client apps based on the ability to authenticate in the client app.
- Setup an LDAP server with users, only some are added to a group.
- Add the LDAP directory to crowd
- Login to crowd and under Applications, click on "Add Application".
- In the directories tab, remove the internal directory and add the LDAP directory (allow all to authenticate = false)
- In the groups tab, add the LDAP group
- Go to the users tab.
Expected: Only users from the LDAP group to be present, the rest have no permission to authenticate and are not part of the valid groups.
Actual: All users from the directory are present.
This is a design decision in Crowd, as most customers want all users and groups to be present, regardless of the ability to authenticate. We may consider providing a toggle for this behaviour in the future, but it's not on a roadmap at present.
- blocks
-
BAM-4801 Integration with Crowd explodes user count
-
- Open
-
-
JSDSERVER-5437 Indicate in JSD when customer is in Crowd and has no permission to authenticate
- Gathering Interest
-
-
- Gathering Interest
-
- causes
-
-
- Closed
-
- is blocked by
-
CWD-1348 Client applications should only see principals which have been authorised to access the application
-
- Resolved
-
-
-
- Verified
-
- is duplicated by
-
-
- Closed
-
- was cloned as
-
KRAK-452 Loading...
