Details

    • Type: Story
    • Status: Idea
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: SAML
    • Labels:

      Description

      Story
      As a customer of Alfresco ECMPaaS, I want to be able to use Alfresco without sharing an authentication directory between Alfresco and my IdP, which would require a VPN tunnel. When a user is disabled in my IdP, I want that user to also be disabled in Alfresco.

      Acceptance Criteria
      Setup:

      1. Configure an Alfresco instance to use SAML with an IdP
      2. Do not configure Alfresco to access the authentication directory behind the IdP
      3. Create a user in the IdP.
      4. Log into Alfresco with that user (should be created automatically per SAML-175)
      5. Disable the user in the IdP
      Verify:
      • In the Alfresco user browser, the user appears as disabled
      • The user cannot log into Alfresco directly
      • SAML provisioning of users must not break the authorized users count used to verify license compliance.

      Notes

      • This should work in roughly the same way as automatic provisioning of users via LDAP currently works.
      • Question: Does SAML support this use case?


              People

              • Assignee:
                Unassigned
                Reporter:
                resplin Richard Esplin [X] (Inactive)
              • Votes:
                0
                Watchers:
                3
