[mitreid-connect] Roles in OpenID (and when using LDAP)
Matt Hughes
hughes.matt at gmail.com
Wed Jul 22 13:55:26 EDT 2015
I’m running both the OpenID-Connect-Java-Spring-Server/openid-connect-server-webapp and the OpenID-Connect-Java-Spring-Server/sample-webapp projects.
Sample Webapp defines resources that are protected by either ROLE_USER or ROLE_ADMIN. In the connect server (IDP), user roles are stored in the database. I’m having a hard time figuring out how, once the sample webapp has the access_token, it knows what roles the users has. Is it able to extract that information out of the access_token? Or does it make a web request to the IDP asking for role info?
My next step is to try to use an LDAP server as the IDP. However, looking at the sample LDAP project, I don’t understand how roles fit into the picture there. Once a user is authenticated against an LDAP provider, how would the IDP or RP map roles onto the user?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150722/b2e01e60/attachment.htm
More information about the mitreid-connect
mailing list