Details
-
Suggestion
-
Resolution: Duplicate
-
None
Description
Currently, a client application can "see" all the principals in the directories configured for that application.
Ideally, if Allow All To Authenticate on a directory is set to False, only the principals that belong to the configured groups should be visible to the application. If Allow All To Authenticate on a directory is set to True, then the current behaviour of retrieving all groups is acceptable.
In addition to the SSC findAllPrincipalNames() method, there should be some sort of findAllAuthenticatablePrincipalNames()
Attachments
Issue Links
- blocks
-
CWD-1263 Provide flag to filter users/groups to client applications based on application's permission to authenticate.
- Closed
-
KRAK-452 Loading...
- causes
-
FE-871 Re-Sync on crowd, will add all users in the directories rather than only the ones that belong to the configured group in the crowd application
-
- Closed
-
-
BAM-4801 Integration with Crowd explodes user count
-
- Gathering Impact
-
-
EMBCWD-924 Loading...
- duplicates
-
CWD-5145 Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications
- Closed
- has a derivative of
-
CONFCLOUD-27854 Allow groups and users synced from a Crowd directory to be filtered
- Closed
-
CONFSERVER-27854 Allow groups and users synced from a Crowd directory to be filtered
- Closed
- is duplicated by
-
CWD-4469 Users are synced with the application even if they don't have permissions to login
-
- Closed
-
-
CWD-4488 Not abiding by Crowd's Allow all to authenticate - False
-
- Closed
-
- is related to
-
CWD-432 Client applications should only see groups which have been allocated to them
- Closed