Tobias opened 2 months ago

OneDev gets group IDs via the groups claim, then calls the MS Graph API to get the associated group names. The OneDev account will be assigned to the same OneDev group if it exists. The code to call the MS Graph API to get group names:

The code helped to solve the problem, thank you very much. We have now used the single sign-on provider OpenID. Now all groups of the user who wants to log in to OneDev using EntraID are queried. We have entered the following data:
The following settings are set for the groups claim:

So on your side, the ID token returns the group name directly instead of the group UUID, and you don't need to call the Graph API to convert it to a group name?

In the setup with EntraID as the single sign-on provider, we would have had to convert the group ID to the group names. Here the ID in the group claim settings was set to "Group ID" and not all of the user's groups were returned. With the sAMAccountName ID setting, the group name is returned, eliminating the need for conversion.

Since switching to the sign-on provider OpenID, an error has been appearing in our server log. I could not find a connection with a login to the OneDev server.

Is this affecting your login? Are you able to reproduce this?

I am still clarifying whether the error only occurs when a specific user logs in. The logins are not affected by the error for any user. We are currently running AD login (External Authenticator/AD) and EntraID login (SSO/OpenID) in parallel.

Robin Shen changed state to 'Closed' 1 month ago

Unable to reproduce. Reopen if there is more info.

Type: Question
Priority: Normal
Assignee:
Labels: No labels

Hi Robin,
We are using EntraID as a link between two domains. We synchronize certain groups from each domain to EntraID. Reference: onedev/server#1719. The group names used for the local AD login are the same as for EntraID since they are synchronized to EntraID.
The login via EntraID works; the group assignment only works if a specific dynamic EntraID group has been created in OneDev.
Are there any issues with local synchronized groups? How exactly do you query the groups in EntraID?
Is it possible to get more information about the request and authentication with external authentication in the server log, perhaps with a label in the Docker container?