Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-73205

Test all combinations of authn mechanisms and authz backends

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None
    • Server Security

    Description

      It's now possible for up to 3 different authentication mechanisms to be used on the `$external` database for authorization - OIDC, LDAP, and X.509. After SERVER-73208, OIDC access tokens will be able to be used for authentication only and derive roles from other sources (mostly internal user documents, but also potentially LDAP roles).

      We should consider adding a test that ensures that a server can be configured with various combinations of authentication mechanisms and authorization backends and handle them appropriately.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: