Uploaded image for project: 'Ansible Automation Platform RFEs'
  1. Ansible Automation Platform RFEs
  2. AAPRFE-985

Ability to use groups for organisation mapping Thru SAML

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False

      Copy of mail from Customer Triodos Bank:

      this is my feedback about the Enterprise Authentication with SAML. Maybe the feedback can be used to improve the Ansible Automation Platform in the future.

      We have configured the Ansible Automation Controller 2.4 with Enterprise Authentication and SAML and Azure Multi Factor Authentication.

      I was able to configue everything with Active Directory groups (Teams, is_superuser) except for the Organizations.

      We have multiple organizations (Test and Prod) and I would like to explicitly assign a user to an Organization via Active Directory groups.

      The controller expects an array of organizations. With an array it is working fine but not with groups.

      It does work with groups if you are using LDAP authentication.

       

      I expected that the configuration for the SAML Organization Attribute Mapping would be like below (like as for Teams).

      The group then represents an organization. Unfortunately it does not work like this.

       

      SAML Organization Attribute Mapping:

      {

        "remove": true,

        "saml_attr": http://schemas.microsoft.com/ws/2008/06/identity/claims/groups,

        "organization_map": [

         

      {       "organization_alias": "OrgTest",       "organization": "DOMAIN\\MGA_GL_SG_Ansible_OrgTest"     }

        ]

      }

       

      See also:

      https://www.ansible.com/blog/mapping-saml-attributes-to-red-hat-ansible-automation-platform-organizations-and-teams

      Has also been discussed in case 03561767.

       

              bcoursen@redhat.com Brian Coursen
              fvanzwie@redhat.com Fredericus van Zwieten
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: