Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-11997

Add support for a case-insensitive Camunda admin check

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: L3 - Default L3 - Default
    • None
    • 7.12.0
    • None
    • None

      Current State
      When working with a case insensitive database in combination with the LDAP Plugin and the AdministratorAuthorizationPlugin, the following behavior can be observed:

      • First start a Camunda instance with the authorization plugin enabled with administratorGroupName set to 'ADMINGROUP'
      • Multiple authorizations will be created for that group in the database
      • At this point, a user belonging to the AD group 'AdminGroup' can login to the Webapps but is not considered as an Admin in Camunda
      • This behavior is confusing since that user should either be able to login and be an admin in Camunda or neither of those.

      Furthermore, if you stop the Camunda instance, change the configuration of the administratorGroupName to 'AdminGroup', and restart it, the authorizations in the database will not change.
      A user from that AD group can however login and is considered an admin in Camunda as well then.

      Proposal
      Add support for a case-insensitive Camunda admin check that conforms with how the authorizations are checked with a case insensitive database underneath.

        This is the controller panel for Smart Panels app

              thorben.lindhauer Thorben Lindhauer
              jcarnus Jérémy Carnus
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: