[CWD-1348] Client applications should only see principals which have been authorised to access the application

Type: Suggestion
Resolution: Duplicate
Fix Version/s: None
Component/s: Core features
Labels:
- cl

Current Status:

Hide

Atlassian Update - 08 November 2019

This feature request is currently tracked at CWD-5145 Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications. Please watch that issue for further updates.

Show
Atlassian Update - 08 November 2019 This feature request is currently tracked at CWD-5145 Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications . Please watch that issue for further updates.
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Currently, a client application can "see" all the principals in the directories configured for that application.

Ideally, if Allow All To Authenticate on a directory is set to False, only the principals that belong to the configured groups should be visible to the application. If Allow All To Authenticate on a directory is set to True, then the current behaviour of retrieving all groups is acceptable.

In addition to the SSC findAllPrincipalNames() method, there should be some sort of findAllAuthenticatablePrincipalNames()

blocks

CWD-1263 Provide flag to filter users/groups to client applications based on application's permission to authenticate.

Closed

KRAK-452 You do not have permission to view this issue

causes

FE-871 Re-Sync on crowd, will add all users in the directories rather than only the ones that belong to the configured group in the crowd application

Closed

BAM-4801 Integration with Crowd explodes user count

Closed

EMBCWD-924 Failed to load

duplicates

CWD-5145 Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications

Closed

has a derivative of

CONFCLOUD-27854 Allow groups and users synced from a Crowd directory to be filtered

Closed

CONFSERVER-27854 Allow groups and users synced from a Crowd directory to be filtered

Closed

is duplicated by

CWD-4469 Users are synced with the application even if they don't have permissions to login

Closed

CWD-4488 Not abiding by Crowd's Allow all to authenticate - False

Closed

is related to

CWD-432 Client applications should only see groups which have been allocated to them

Closed

mentioned in: Page Loading...; Page Loading...

(1 duplicates, 2 has a derivative of, 2 is duplicated by, 1 is related to, 2 mentioned in)

Monique Khairuliana (Inactive) made changes - 08/Nov/2019 9:08 AM

Current Status

Original: {panel:title=Atlassian Update - 08 November 2019|borderStyle=solid|borderColor=#3C78B5|titleBGColor=#3C78B5|titleColor=#FFFFFF|bgColor=#E7F4FA}

This issue has been duplicated by the issue at [~~CWD-5145~~ Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications|https://jira.atlassian.com/browse/CWD-5145]. Please watch that issue for further updates.

{panel}

New: {panel:title=Atlassian Update - 08 November 2019|borderStyle=solid|borderColor=#3C78B5|titleBGColor=#3C78B5|titleColor=#FFFFFF|bgColor=#E7F4FA}

This feature request is currently tracked at [~~CWD-5145~~ Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications|https://jira.atlassian.com/browse/CWD-5145]. Please watch that issue for further updates.

{panel}

Monique Khairuliana (Inactive) made changes - 08/Nov/2019 8:50 AM

Current Status		New: {panel:title=Atlassian Update - 08 November 2019\|borderStyle=solid\|borderColor=#3C78B5\|titleBGColor=#3C78B5\|titleColor=#FFFFFF\|bgColor=#E7F4FA} This issue has been duplicated by the issue at [~~CWD-5145~~ Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications\|https://jira.atlassian.com/browse/CWD-5145]. Please watch that issue for further updates. {panel}
Description	Original: Currently, a client application can "see" all the principals in the directories configured for that application. Ideally, if Allow All To Authenticate on a directory is set to False, only the principals that belong to the configured groups should be visible to the application. If Allow All To Authenticate on a directory is set to True, then the current behaviour of retrieving all groups is acceptable. In addition to the SSC findAllPrincipalNames() method, there should be some sort of findAllAuthenticatablePrincipalNames()	New: Currently, a client application can "see" all the principals in the directories configured for that application. Ideally, if Allow All To Authenticate on a directory is set to False, only the principals that belong to the configured groups should be visible to the application. If Allow All To Authenticate on a directory is set to True, then the current behaviour of retrieving all groups is acceptable. In addition to the SSC findAllPrincipalNames() method, there should be some sort of findAllAuthenticatablePrincipalNames()

Monique Khairuliana (Inactive) made changes - 08/Nov/2019 8:50 AM

Description

Original: {panel:title=Atlassian Status as of 27 April 2011|borderStyle=solid|borderColor=#3C78B5| titleBGColor=#3C78B5| bgColor=#E7F4FA}

Hi folks,

Thanks for your continued support and feedback, we wanted to give you an update on the status of this issue.

Over the medium term, the direction we're taking with Crowd is to focus on scalability, reliability and performance. Unfortunately, it means that this feature is unlikely to be included in any near-term improvements to the product, as workflows and management don't align with our future direction.

We are aware of the issue, and recognise that it is something that needs to be done, however, it's unrealistic that it will ship within the next 18 months.

Regards,
Eugene
Atlassian Product Management

{panel}

Currently, a client application can "see" all the principals in the directories configured for that application.

Ideally, if Allow All To Authenticate on a directory is set to False, only the principals that belong to the configured groups should be visible to the application. If Allow All To Authenticate on a directory is set to True, then the current behaviour of retrieving all groups is acceptable.

In addition to the SSC findAllPrincipalNames() method, there should be some sort of findAllAuthenticatablePrincipalNames()

New:
Currently, a client application can "see" all the principals in the directories configured for that application.

Ideally, if Allow All To Authenticate on a directory is set to False, only the principals that belong to the configured groups should be visible to the application. If Allow All To Authenticate on a directory is set to True, then the current behaviour of retrieving all groups is acceptable.

In addition to the SSC findAllPrincipalNames() method, there should be some sort of findAllAuthenticatablePrincipalNames()

Monique Khairuliana (Inactive) made changes - 08/Nov/2019 8:47 AM

Resolution	Original: Won't Fix [ 2 ]	New: Duplicate [ 3 ]
Status	Original: Closed [ 6 ]	New: Closed [ 6 ]

Monique Khairuliana (Inactive) made changes - 08/Nov/2019 8:16 AM

Link

New: This issue duplicates ~~CWD-5145~~ [ ~~CWD-5145~~ ]

Katherine Yabut made changes - 19/Sep/2019 5:51 AM

Workflow	Original: JAC Suggestion Workflow [ 3363195 ]	New: JAC Suggestion Workflow 3 [ 3629100 ]
Status	Original: RESOLVED [ 5 ]	New: Closed [ 6 ]

Monique Khairuliana (Inactive) made changes - 15/Aug/2019 6:46 AM

Workflow	Original: Simplified Crowd Development Workflow v2 [ 1392413 ]	New: JAC Suggestion Workflow [ 3363195 ]
Assignee	Original: David O'Flynn [Atlassian] [ doflynn ]
Issue Type	Original: New Feature [ 2 ]	New: Suggestion [ 10000 ]

Ahmad Faridi made changes - 18/Jul/2019 7:58 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 437616 ]

vkharisma made changes - 01/Apr/2017 2:12 PM

Link

New: This issue has a derivative of ~~CONFCLOUD-27854~~ [ ~~CONFCLOUD-27854~~ ]

Pawel Niegowski (Inactive) made changes - 28/Feb/2017 1:49 PM

Remote Link

New: This issue links to "KRAK-452 (JIRA Server (Bulldog))" [ 265639 ]

Assignee:: Unassigned

Reporter:: Partha

Votes:: 36 Vote for this issue

Watchers:: 37 Start watching this issue

Created:: 09/Dec/2008 12:12 AM

Updated:: 08/Nov/2019 9:08 AM

Resolved:: 08/Nov/2019 8:47 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates