Pass identities to external authorization
Problem to solve
This customer has DN information but they don't use LDAP and want to use external auth. How would they pass that DN info in that user_ldap_dn field?
Intended users
Further details
As an Admin, I need to use external authentication and need the DN passed but do not use LDAP. We can also handle if it sends all of the identities and let our external auth find the one it needs.
Proposal
- Add all identities for the user in the payload we provide to the external authorization service.
  - Consider providing this information as we do in the Users API (as an array inside the identities key).
- Leave the user_ldap_dn behavior as is to not break existing behavior.
Permissions and Security
Documentation
Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Links / references
Current documentation describing that the DN can only be passed when using LDAP: https://docs.gitlab.com/ee/user/admin_area/settings/external_authorization.html#how-it-works
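
An added example, not part of the original issue and not GitLab's code: one way an external authorization service could pick the DN out of the proposed identities array and fall back to user_ldap_dn. The provider/extern_uid entry shape follows the Users API; the trusted provider name, the entitlements map and the sample payload are assumptions of this example.

```python
import json
import re

TRUSTED_PROVIDERS = ("saml",)  # assumption: providers allowed to supply the DN
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9.-]*=.+$")

# Constructed sample payload; identities shaped as in the Users API.
SAMPLE_BODY = json.dumps({
    "user_identifier": "jane@acme.org",
    "project_classification_label": "secret",
    "identities": [
        {"provider": "github", "extern_uid": "12345"},
        {"provider": "saml", "extern_uid": "cn=Jane Doe,ou=Eng,dc=acme"},
    ],
})

def normalize_dn(value):
    """Return a comparable DN, or None if value is not DN-shaped (simplified)."""
    if not isinstance(value, str) or not value.strip():
        return None
    rdns = [part.strip() for part in re.split(r"(?<!\\),", value)]
    if not all(_RDN.match(rdn) for rdn in rdns):
        return None
    return ",".join(rdns).lower()

def select_dn(payload, trusted=TRUSTED_PROVIDERS):
    """Prefer a DN from a trusted identity, else the legacy user_ldap_dn."""
    found = set()
    for identity in payload.get("identities") or []:
        if isinstance(identity, dict) and identity.get("provider") in trusted:
            dn = normalize_dn(identity.get("extern_uid"))
            if dn:
                found.add(dn)
    if len(found) > 1:
        return None  # conflicting DNs from trusted providers: fail closed
    if found:
        return found.pop()
    return normalize_dn(payload.get("user_ldap_dn"))

def authorize(body, entitlements):
    """Return the HTTP status to answer with: 200 grants, 403 denies."""
    try:
        payload = json.loads(body)
    except (TypeError, ValueError):
        return 403
    if not isinstance(payload, dict):
        return 403
    dn = select_dn(payload)
    label = payload.get("project_classification_label")
    allowed = entitlements.get(dn, set()) if dn else set()
    return 200 if isinstance(label, str) and label in allowed else 403
```

Identities from providers outside the allowlist are ignored even when their extern_uid looks like a DN, so an account linked to an unrelated provider cannot supply the value used for the access decision.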