3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-23 19:49:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

revert filtering IdP groups claim groups

Browse source
This commit is contained in:
Kenneth Jenkins 2025-01-24 14:05:14 -08:00
parent 596bec9b9b
commit 7fc6d93b8c
2 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
authorize/evaluator/headers_evaluator_evaluation.go
View file

@ -334,7 +334,6 @@ func (e *headersEvaluatorEvaluation) getGroups(ctx context.Context) []string {
s, _ := e.getSessionOrServiceAccount(ctx)
groups, _ := getClaimStringSlice(s, "groups")
groups = e.filterGroups(groups)
return groups
}

3
authorize/evaluator/headers_evaluator_test.go
View file

@ -517,7 +517,8 @@ func TestHeadersEvaluator_JWTGroupsFilter(t *testing.T) {
"no filtering", nil, nil, "SESSION-10",
[]any{"10", "20", "30", "40", "50", "GROUP-10", "GROUP-20", "GROUP-30", "GROUP-40", "GROUP-50"},
},
{"groups claim", []string{"foo", "quux"}, nil, "SESSION-11", []any{"foo"}},
// filtering has no effect on groups from an IdP "groups" claim
{"groups claim", []string{"foo", "quux"}, nil, "SESSION-11", []any{"foo", "bar", "baz"}},
}
ctx := storage.WithQuerier(context.Background(), storage.NewStaticQuerier(records...))