[SERVER-77576] Reject authNamePrefixes which contain illegal characters Created: 30/May/23  Updated: 29/Oct/23  Resolved: 01/Jun/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.1.0-rc0, 7.0.0-rc3

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Sara Golemon
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Documented
is documented by DOCS-16169 [SERVER] Investigate changes in SERVE... Closed
Backwards Compatibility: Minor Change
Backport Requested:
v7.0
Sprint: Security 2023-06-12
Participants:

 Description   

We should validate that OIDC configurations contain only legal characters, at startup. Because this is technically a breaking change, which would break configurations which included these characters, we should do it before GA.



 Comments   
Comment by Fuat Ertunc [ 31/May/23 ]

Azure allows spaces in group names for sure. But depending on the setup, the group name or object ID can be passed to service providers from Azure AD. My suggestion is to remove issuer prefixes and not allow usage of internal roles as group names. This solution was discussed in a Slack channel for another confusion regarding usage of prefixes.
