Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature] Support application roles for Identity Server and support RBAC for apps #16363

Closed
AnuradhaSK opened this issue Aug 3, 2023 · 9 comments

Comments

@AnuradhaSK
Copy link
Contributor

AnuradhaSK commented Aug 3, 2023

Is your feature request related to a problem? Please describe.
Role-based access control (RBAC) is a widely used access control mechanism for B2E and B2B applications. To support RBAC, API resource management, API Authorization to applications, application role management, and application role-based scope validation are key features to have in the IAM solution.

Describe the solution you would prefer

  • Implement roles management catering organization level role mgt and application level role mgt
  • Ability to assign userstore groups and locally managed users to roles in the newly implemented model
  • Ability to assign federated idp groups to roles in the newly implemented model
  • Use these roles for scope validation and support RBAC
  • Ability to share roles of B2B applications when sharing the app with sub org
  • Use these roles in XACML policies
  • Add an adaptive script functions to consume application roles of a user during adaptive scripts
@Achintha444
Copy link

@AnuradhaSK
Copy link
Contributor Author

AnuradhaSK commented Oct 15, 2023

BE PRs

DB schema due to RoleV2 service

OSGi service improvements to existing role module and new OSGi service for RoleV2 mgt

SCIM and Charon Changes for Role V2 support

Add access control and /o/ path support for /scim2/v2/Roles endpoint

Capability to associate roles in the new model with an application

Shared role managing event handler

Scope Validator Improvements

Kernel level improvements for Role V2

Event handlers updates related to Role V2

Config to enable/disable legacy authz runtime

Admin role system permissions update

Scope Validator implementation

** Return roles from suborganizations to parent org always to support RBAC for shared apps**

App associated roles resolver implementation

@asekawa
Copy link

asekawa commented Oct 26, 2023

Identified bugs
1.UI issues in groups assign section in the roles tab - #17235
2.Two Add roles buttons are visible in the roles section- #17236

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Archived in project
Development

No branches or pull requests

6 participants