Solved
[Microsoft Login Connector Core] Sync roles removing other application roles
Forge component by Miguel Amado
Published on 03 Sep 2020

Good afternoon,


As we are exploring login with Microsoft Azure, we were taking a closer look at the action SyncRoles to make sure the user has his roles up to date when he logs in.

As we were taking a look, we realized the following:

  • Usually, an Azure application's login payload only includes the application roles (e.g. AppA Manager) and does not include roles the same user has on other applications (e.g. AppB Manager);
  • The action will revoke from the user all his current roles in OutSystems database and add the new ones (see code screenshot below);
  • Given the scenario where the user is AppA Manager and AppB Manager, if we run this sync after the user logs in via AzureAD in AppA, his AppB Manager role would be revoked. When the user opened another tab for AppB he would not have access.

Do you foresee a new version where this situation gets handled?

For instance, when registering a new application on the Management application, register the roles of that application (like it is done with eSpaces and resources) and adapt the SyncRoles to only revoke the application roles?


Thanks in advance.

Best regards,

João Marques
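
The difference between the revoke-everything sync described in the post above and a sync scoped to the application's registered roles, as an added Python example that is not part of the original post and not the Forge component's code. The function names, the per-application role registry and the sample data are assumptions made for illustration.

```python
# Added illustration; names are hypothetical, not the Forge component's API.

def sync_roles_unscoped(current_roles, token_roles):
    """Behaviour described in the post: revoke everything, then grant the token's roles."""
    return set(token_roles)


def sync_roles_scoped(current_roles, token_roles, app_roles):
    """Reconcile only roles registered for the application the user logged in to.

    current_roles: roles the user holds in the local database (all applications)
    token_roles:   roles claim from this application's login payload
    app_roles:     roles registered for this application (assumed registry)
    Returns (new_roles, granted, revoked).
    """
    current, token, scope = set(current_roles), set(token_roles), set(app_roles)
    # Ignore claims outside this application's registered roles, so a token for
    # AppA can never grant a role that belongs to another application.
    wanted = token & scope
    revoked = (current & scope) - wanted   # in scope, no longer asserted
    granted = wanted - current             # asserted, not yet held
    return (current - revoked) | granted, granted, revoked


# Constructed sample data matching the scenario in the post.
APP_A_ROLES = {"AppA Manager", "AppA Viewer"}
user_roles = {"AppA Viewer", "AppB Manager"}
app_a_token = ["AppA Manager"]

if __name__ == "__main__":
    print(sorted(sync_roles_unscoped(user_roles, app_a_token)))
    new_roles, granted, revoked = sync_roles_scoped(user_roles, app_a_token, APP_A_ROLES)
    print(sorted(new_roles), sorted(granted), sorted(revoked))
```

Recording the granted and revoked sets in an audit log on every login makes an unexpected revocation like the one in the post visible after the fact.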

Solution

Hi,


There is a new version of the component which includes this fix.


Cheers,

João Marques

Hi João,

Thank you for bringing this to our attention. I will try to take a look at this as soon as possible. Please note that this will take some time since I'm very busy with some other projects that require my attention.

Greetings,

Vincent
