[SERVER-77576] Reject authNamePrefixes which contain illegal characters Created: 30/May/23 Updated: 29/Oct/23 Resolved: 01/Jun/23
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.1.0-rc0, 7.0.0-rc3 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Sara Golemon |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Minor Change |
| Backport Requested: | v7.0 |
| Sprint: | Security 2023-06-12 |
| Description |
We should validate that OIDC configurations contain only legal characters, at startup. Because this is technically a breaking change, which would break configurations which included these characters, we should do it before GA.
| Comments |
| Comment by Fuat Ertunc [ 31/May/23 ] |
Azure allows spaces in group names for sure. But depending on the setup, the group name or object ID can be passed to service providers from Azure AD. My suggestion is to remove issuer prefixes and not allow usage of internal roles as group names. This solution was discussed in a Slack channel for another confusion regarding usage of prefixes.