<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:15:29 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-16487] Investigate changes in SERVER-81631: Make authorizationClaim OIDC IdP configuration field optional</title>
                <link>https://jira.mongodb.org/browse/DOCS-16487</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>    &lt;div class=&quot;panel&quot; style=&quot;background-color: #c2d2c2;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelHeader&quot; style=&quot;border-bottom-width: 1px;background-color: #239eb0;&quot;&gt;&lt;b&gt;Original Downstream Change Summary&lt;/b&gt;&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;    This change adds a new field to the oidcIdentityProviders server parameter called `useAuthorizationClaim`. The field is a bool and defaults to true. When the field is set to true, the server will enforce that an authorizationClaim is provided for that identity provider&apos;s config. When it is set to false, authorizationClaim will be optional (and ignored if provided). Instead, the server will use access tokens minted by this IdP for authentication only and will rely on a user document with _id corresponding to &quot;authNamePrefix/principalNameClaim&quot; to retrieve roles and authorize the user.&lt;/p&gt;

&lt;p&gt;An administrator will now be able to configure internal authorization with OIDC authentication by setting useAuthorizationClaim to false and omitting authorizationClaim from a given IdP config. Administrators should NOT do this if LDAP authorization is also configured for a cluster as that will cause LDAP authorization to be used for OIDC users rather than internal authorization.&lt;/p&gt;
&lt;h2&gt;&lt;a name=&quot;DescriptionofLinkedTicket&quot;&gt;&lt;/a&gt;Description of Linked Ticket&lt;/h2&gt;
&lt;p&gt;    Today, the &lt;tt&gt;authorizationClaim&lt;/tt&gt; field of the OIDC IdP configuration is mandatory, and the server expects this claim to exist in all access tokens that are presented to it for authentication. It is used to determine the direct set of groups that the user is a member of, which are then mapped to MongoDB roles.&lt;/p&gt;

&lt;p&gt;This ticket will introduce a new IdP configuration field called &lt;tt&gt;useAuthorizationClaim&lt;/tt&gt; that is defaulted to true. When it is toggled to false, &lt;tt&gt;authorizationClaim&lt;/tt&gt; will be optional and the server will instead authorize the user via a user document if it is not specified.&lt;/p&gt;
</description>
                <environment></environment>
        <key id="2495805">DOCS-16487</key>
            <summary>Investigate changes in SERVER-81631: Make authorizationClaim OIDC IdP configuration field optional</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="caleb.thompson@mongodb.com">Caleb Thompson</assignee>
                                    <reporter username="backlog-server-pm">Backlog - Core Eng Program Management Team</reporter>
                        <labels>
                            <label>feature</label>
                    </labels>
                <created>Thu, 9 Nov 2023 19:26:27 +0000</created>
                <updated>Mon, 8 Jan 2024 17:03:50 +0000</updated>
                            <resolved>Thu, 16 Nov 2023 19:57:54 +0000</resolved>
                                                    <fixVersion>7.3.0-rc0</fixVersion>
                    <fixVersion>7.2.0-rc2</fixVersion>
                    <fixVersion>7.0.5</fixVersion>
                    <fixVersion>Server_Docs_[20240108]</fixVersion>
                                    <component>manual</component>
                    <component>Server</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="5871753" author="caleb.thompson" created="Fri, 10 Nov 2023 18:03:18 +0000"  >&lt;p&gt;&lt;a href=&quot;https://github.com/10gen/docs-mongodb-internal/pull/5258&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/docs-mongodb-internal/pull/5258&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                        <issuelink>
            <issuekey id="2522344">DOCS-16538</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                            <outwardlinks description="documents">
                                        <issuelink>
            <issuekey id="2456273">SERVER-81631</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_14258" key="com.atlassian.jira.plugin.system.customfieldtypes:datepicker">
                        <customfieldname>Baseline start date</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 10 Nov 2023 00:00:00 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 10 Nov 2023 18:03:18 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        12 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_14876" key="com.atlassian.jira.plugin.system.customfieldtypes:userpicker">
                        <customfieldname>Docs Reviewer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>kenneth.dyer@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>This change adds a new field to the oidcIdentityProviders server parameter called `useAuthorizationClaim`. The field is a bool and defaults to true. When the field is set to true, the server will enforce that an authorizationClaim is provided for that identity provider&amp;#39;s config. When it is set to false, authorizationClaim will be optional (and ignored if provided). Instead, the server will use access tokens minted by this IdP for authentication only and will rely on a user document with _id corresponding to &amp;quot;authNamePrefix/principalNameClaim&amp;quot; to retrieve roles and authorize the user.&lt;br/&gt;
&lt;br/&gt;
An administrator will now be able to configure internal authorization with OIDC authentication by setting useAuthorizationClaim to false and omitting authorizationClaim from a given IdP config. Administrators should NOT do this if LDAP authorization is also configured for a cluster as that will cause LDAP authorization to be used for OIDC users rather than internal authorization.</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_14873" key="com.atlassian.jira.plugin.system.customfieldtypes:multiuserpicker">
                        <customfieldname>External Reviewer</customfieldname>
                        <customfieldvalues>
                                    <customfieldvalue><![CDATA[varun.ravichandran@mongodb.com]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>emet.ozar@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            12 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>backlog-server-pm</customfieldvalue>
            <customfieldvalue>caleb.thompson@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i2zqcv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i2hk3w:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i2zci7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>