|
|
|
[
Permlink
| « Hide
]
Thrasys Admin [23/Jul/21 08:36 PM]
Or allow setting an auth/security provider to use in SSO configuration for fall back.
As a workaround until this issue is resolved. I created a script to run daily to set setAuthenticator on all users.
groovy: com.pmease.quickbuild.persistence.SessionManager.openSession(); try { def userMgr = com.pmease.quickbuild.entitymanager.UserManager.instance; for (usr in userMgr.getAll()) { if (usr.getName().endsWith("@<our domain>") ) { // don't want to set local accounts just those created by SSO if (usr.getAuthenticator() == null) { logger.info("Updating Authenticator for User:" + usr.getName()); usr.setAuthenticator("AzureAD-DS"); userMgr.save(usr); } else { logger.info("Authenticator already set User:" + usr.getName()); } } else { logger.info("Skipping User:" + usr.getName()); } } } finally { com.pmease.quickbuild.persistence.SessionManager.closeSession(); }
I think this query changed the login procedure, the "authenticate" function, to call the "findByAccessToken" function before authenticating with authenticators.
From my perspective, I need to update the group list user belongs to whenever a user logs in. However, this modification finishes the "authenticate" function before updating the group list. As QuickBuild changed to check all authenticators in case some of them are down( How about moving the calling of the "findByAccessToken" function to the end of the "authenticate" function instead of the beginning? I also needed a modification that authenticates users with saved IDs and passwords when all registered authenticators are out of service. |