Bug 1480005

Summary: Allow groups to be associated with IDPs
Product: [Community] Bugzilla Reporter: Jeff Fearn 🐞 <jfearn>
Component: ExtensionsAssignee: Jeff Fearn 🐞 <jfearn>
Extensions sub component: SAML2Auth QA Contact: tools-bugs <tools-bugs>
Status: CLOSED NEXTRELEASE Docs Contact:
Severity: unspecified    
Priority: unspecified    
Version: 5.0   
Target Milestone: 5.0   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 5.0.3.rh34 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-20 04:12:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeff Fearn 🐞 2017-08-09 22:12:02 UTC 
Description of problem:
In addition to being able to restrict who can use an IDP we need the ability to force a group to use an IDP. The requirement here is to be able to force specific groups to use a two factor IDP and not use a single factor IDP or fallback to password login in the web UI.

Version-Release number of selected component (if applicable):
5.0

How reproducible:
Easy

Steps to Reproduce:
1. Try and limit the admin group to a two factor IDP.

Actual results:
You can't.

Expected results:
You can.

Additional info:
Comment 1 Jeff Fearn 🐞 2017-08-09 22:20:32 UTC 
Psst future me, don't forget to amend the IDP configuration script to remove the regex limitation from the external IDP.
Comment 2 Jeff Fearn 🐞 2017-11-16 07:02:05 UTC 
Working as expected and admin group is banned from customer IDP by default.
Comment 3 Jeff Fearn 🐞 2017-11-20 04:12:13 UTC 
This bug has been fixed and is now deployed on the beta site.

https://beta-bugzilla.redhat.com/