Details

    • Type: Story
    • Status: Closed (View Workflow)
    • Resolution: Won't Do
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: SAML
    • Labels:

      Description

      Story
      As a customer of Alfresco ECMPaaS, I want to be able to use Alfresco without a sharing an authentication directory between Alfresco and my IdP which would require a VPN tunnel. When a user is disabled in my IdP, I want that user to also be disabled in Alfresco.

      Acceptance Criteria
      Setup:

      1. Configure an Alfresco instance to use SAML with an IdP
      2. Do not configure Alfresco to access the authentication directory behind the IdP
      3. Create a user in the IdP.
      4. Log into Alfresco with that user (should be created automatically per SAML-175)
      5. Disable the user in the IdP
        Verify:
      • In the Alfresco user browser, the user appears as disabled
      • The user cannot log into Alfresco directly
      • SAML provisioning of users must not break the authorized users count used to verify license compliance.

      Notes

      • This should work in roughly the same way as automatic provisioning of users via LDAP currently works.
      • Question: Does SAML support this use case?

        Attachments

          Issue Links

            Structure

              Activity

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  resplin Richard Esplin [X] (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Structure Helper Panel