Open Closed

External authentication identity server role mapping #143


User avatar
0
saintpoida created

Hi guys,

Two questions:

  1. If a user from an external authentication has a 'role' claim set (or a mapping to a claim for role) how does that work internally in ABP? e.g. Is it just ignored if it doesnt have a matching local role name?
  2. If i wanted to map role names from claims to local roles what service or models would i need to extend or override?

Regards, Pete


2 Answer(s)
  • User Avatar
    0
    saintpoida created

    Sorry question 3

    If the incoming roles are coming in with claim name 'group' is there a configuration option i can use to automatically map that to 'role'? I have tried a heap of different config combinations but im not sure if they should work or not based on the 2 questions above

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer
    1. An externally logged user creates a local account that ignores the role claim . See https://github.com/abpframework/abp/blob/c923dfd045c1d365d849d85eeabd817ff1648e42/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Login.cshtml.cs#L210
    2. You can override CreateExternalUserAsync method.
    3. There is no such configuration
Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09