Angela Schreiber created OAK-10067:
--------------------------------------
Summary: ExternalGroupPrincipalProvider#getMembership does not
resolve inherited groups that cross IDP boundaries
Key: OAK-10067
URL: https://issues.apache.org/jira/browse/OAK-10067
Project: Jackrabbit Oak
Issue Type: Bug
Components: auth-external
Reporter: Angela Schreiber
Assignee: Angela Schreiber
if a dynamic group is member of group that does not belong to the same IDP
(such as e.g. a local group that is not listed in automembership), the
ExternalGroupPrincipalProvider will fail to resolve the inherited membership
for external users.
Note that resolving the membership of the dynamic group itself works, but for
external members of that dynamic group (i.e. external users) the IDP-boundary
crossing membership will not be resolved.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
