|
|
|
As a workaround until this issue is resolved. I created a script to run daily to set setAuthenticator on all users.
groovy: com.pmease.quickbuild.persistence.SessionManager.openSession(); try { def userMgr = com.pmease.quickbuild.entitymanager.UserManager.instance; for (usr in userMgr.getAll()) { if (usr.getName().endsWith("@<our domain>") ) { // don't want to set local accounts just those created by SSO if (usr.getAuthenticator() == null) { logger.info("Updating Authenticator for User:" + usr.getName()); usr.setAuthenticator("AzureAD-DS"); userMgr.save(usr); } else { logger.info("Authenticator already set User:" + usr.getName()); } } else { logger.info("Skipping User:" + usr.getName()); } } } finally { com.pmease.quickbuild.persistence.SessionManager.closeSession(); } Or allow setting an auth/security provider to use in SSO configuration for fall back.
|
From my perspective, I need to update the group list user belongs to whenever a user logs in.
However, this modification finishes the "authenticate" function before updating the group list.
As QuickBuild changed to check all authenticators in case some of them are down(
QB-3836),How about moving the calling of the "findByAccessToken" function to the end of the "authenticate" function instead of the beginning?
I also needed a modification that authenticates users with saved IDs and passwords when all registered authenticators are out of service.