[MNT-12283] Need to be able to disable external users Created: 17-Dec-13  Updated: 30-Aug-16  Resolved: 18-Mar-16

Status: Closed
Project: Service Packs and Hot Fixes
Component/s: Repository Authentication and SSO
Affects Version/s: 4.2.1
Fix Version/s: None

Type: Improvement
Reporter: Alex Strachan Assignee: Closed Issues
Resolution: Duplicate Votes: 2
Labels: ENHCleanup
Remaining Estimate: 0 minutes
Time Spent: 2 hours
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by MNT-15038 Unexpected behavior when disabling Ac... Closed
is duplicated by REPO-659 Disable users via SAML Idea
Related
Bug Priority:
Category 3
ACT Numbers:

00179081


 Description   

Ref: https://issues.alfresco.com/jira/browse/MNT-2089

We need to be able to disable external users i.e. users who are part of SSO or LDAP directory but should not have access to Alfresco.

We cannot entirely disable the users as they need access to other applications that are part of the SSO infrastructure i.e. do not modify external account details but keep disabled status with other Alfresco specific fields in the profile. (as an aside it would be quite nice to have the option to sync more fields)

The UI does not allow us to disable the users but it can be done programmatically although the disabled user can still log in so has no impact(hence a bug).

Ideally there would be customizable page to show for authenticated but disabled users.



 Comments   
Comment by Richard Esplin [X] (Inactive) [ 18-Mar-16 ]

The crux of this use case is that the user needs to continue to exist in the IdP, but show up as disabled in Alfresco.

The most common approach is to use a common authentication directory behind the IdP and Alfresco, and then synchronize a specific LDAP group to Alfresco. However, MNT-15038 will make it easy to specify a specific property which should be used for controlling whether an Alfresco user is enabled or disabled.

Another approach is to have Alfresco get this information directly from the IdP. This is not currently planned as a feature of the on-premise SAML module, but is being considered as part of SAML-176.

I will close this issue as a duplicate of MNT-15038.

Generated at Sat Jan 19 23:11:34 GMT 2019 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.