[
https://issues.apache.org/jira/browse/OAK-10067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17678265#comment-17678265
]
Julian Reschke commented on OAK-10067:
--------------------------------------
trunk:
[edf4a4493c|https://github.com/apache/jackrabbit-oak/commit/edf4a4493c18784c83d3e50d26739b458c374a11]
> ExternalGroupPrincipalProvider does not resolve inherited groups that cross
> IDP boundaries
> ------------------------------------------------------------------------------------------
>
> Key: OAK-10067
> URL: https://issues.apache.org/jira/browse/OAK-10067
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: auth-external
> Reporter: Angela Schreiber
> Assignee: Angela Schreiber
> Priority: Major
> Fix For: 1.48.0
>
>
> if a dynamic group is member of group that does not belong to the same IDP
> (such as e.g. a local group that is not listed in automembership), the
> ExternalGroupPrincipalProvider will fail to resolve the inherited membership
> for external users.
> Note that resolving the membership of the dynamic group itself works, but for
> external members of that dynamic group (i.e. external users) the IDP-boundary
> crossing membership will not be resolved.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
