Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow Use of Roles Field With Cognito Auth if Present #852

Open
2 tasks done
noce2 opened this issue Feb 20, 2025 · 4 comments
Open
2 tasks done

Allow Use of Roles Field With Cognito Auth if Present #852

noce2 opened this issue Feb 20, 2025 · 4 comments
Assignees
@germanosin
Labels
area/auth App authentication related issues status/triage/completed Automatic triage completed status/triage/manual Manual triage in progress type/feature A brand new feature
Milestone
1.2

Comments

@noce2
Copy link

noce2 commented Feb 20, 2025

Issue submitter TODO list

  • I've searched for an already existing issues here
  • I'm running a supported version of the application which is listed here and the feature is not present there

Is your proposal related to a problem?

I would like to use the full Cognito setup for Authentication and RBAC described in the docs, however it doesn't work for my use case because I have a SAML identity provider configured on my UserPool which adds the relevant group of the user as a custom attribute in the Access Token.

To work around this, I have had to configure RBAC as follows:

        custom-params:
          type: oauth
          roles-field: mynamespace:attribute

The downside of this is that my logout functionality does not work and I get the below because the cognito logout url cannot be specified.

Image

Describe the feature you're interested in

Looking through

kafka-ui/api/src/main/java/io/kafbat/ui/service/rbac/extractor/CognitoAuthorityExtractor.java

Line 63 in 49894b8

List<String> groups = principal.getAttribute(COGNITO_GROUPS_ATTRIBUTE_NAME);

I would like to allow an attribute name to be specified as is done for the OAuth

kafka-ui/api/src/main/java/io/kafbat/ui/service/rbac/extractor/OauthAuthorityExtractor.java

Line 76 in 49894b8

var rolesFieldName = provider.getCustomParams().get(ROLES_FIELD_PARAM_NAME);

falling back to the specified default above if it is unset.

I would be happy to work on this and raise a PR if this is approved.

Describe alternatives you've considered

No response

Version you're running

4cf17a0 v1.1.0

Additional context

No response
@noce2 noce2 added status/triage Issues pending maintainers triage type/feature A brand new feature labels Feb 20, 2025
@kapybro kapybro bot added area/auth App authentication related issues status/triage/manual Manual triage in progress status/triage/completed Automatic triage completed and removed status/triage Issues pending maintainers triage labels Feb 20, 2025
@github-actions GitHub Actions
Copy link

Hi noce2! 👋

Welcome, and thank you for opening your first issue in the repo!

Please wait for triaging by our maintainers.

As development is carried out in our spare time, you can support us by sponsoring our activities or even funding the development of specific issues.
Sponsorship link

If you plan to raise a PR for this issue, please take a look at our contributing guide.

@germanosin
Copy link
Member

Hi, @noce2
Nice catch, we will try to fix it in the next release

@germanosin germanosin self-assigned this Feb 20, 2025
@germanosin germanosin added this to the 1.2 milestone Feb 20, 2025
@noce2
Copy link
Author

noce2 commented Feb 21, 2025
edited
Loading

Hi, @noce2 Nice catch, we will try to fix it in the next release

Thanks @germanosin , do let me know if it's something I can contribute to.

@Haarolean
Copy link
Member

@noce2 sure, please raise a PR 😊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@germanosin germanosin

Labels
area/auth App authentication related issues status/triage/completed Automatic triage completed status/triage/manual Manual triage in progress type/feature A brand new feature
Projects
Release 1.2
Status: Todo
Milestone
1.2
Development

No branches or pull requests
3 participants
@germanosin @Haarolean @noce2