[SERVER-73205] Test all combinations of authn mechanisms and authz backends
Created: 23/Jan/23 Updated: 03/Feb/23
| Status: | Open |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Varun Ravichandran | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: | Server Security |
| Participants: |
| Description |

It's now possible for up to 3 different authentication mechanisms to be used on the `$external` database for authorization - OIDC, LDAP, and X.509. After SERVER-73208, OIDC access tokens will be able to be used for authentication only and derive roles from other sources (mostly internal user documents, but also potentially LDAP roles). We should consider adding a test that ensures that a server can be configured with various combinations of authentication mechanisms and authorization backends and handle them appropriately.