Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-72984

Improve representation for EntraID (AzureAD) groups when add them via cryptic oid string

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • role-strategy-plugin
    • None
    • Jenkins 2.426.1
      Microsoft Entra ID (previously Azure AD) Plugin Version 442.v355cca_6b_c169
      Role-based Authorization Strategy Version 689.v731678c3e0eb_
    • 717.v6a_69a_fe98974

      Role-based Authorization Strategy plugin works excellent with azure-ad plugin if add users and groups via object_id.
      If you add user using object_id, then plugin performs check_name request (validation) and if user was found validation response returns user fullname for representation - source. If you add group using object_id, then validation won't return group display name and will be represented as it was requested - source.
      It's hard to manage access when dozens of group added to the table.

      Please add ability to represent Azure groups by group name if the AzureSecurityRealm in use or just simple check if groupName property is available for group object (AzureAdGroup class). Another option is ability to provide notes for Users/Groups, then we can describe what exact name stands behind the id.

          [JENKINS-72984] Improve representation for EntraID (AzureAD) groups when add them via cryptic oid string

          Markus Winter added a comment - - edited

          There is no API in Jenkins security realm that allows to get a 'display name' for a group.

          The groupDetails actually do provide a display name.

          I will provide a change

          Markus Winter added a comment - - edited There is no API in Jenkins security realm that allows to get a 'display name' for a group . The groupDetails actually do provide a display name. I will provide a change

          Markus Winter added a comment - - edited

          boston_aqua can you please check if https://repo.jenkins-ci.org/artifactory/incrementals/org/jenkins-ci/plugins/role-strategy/716.va_519735f6b_7c/role-strategy-716.va_519735f6b_7c.hpi resolves the problem?

          I don't have access to Azure so I can't test this myself.

          Markus Winter added a comment - - edited boston_aqua can you please check if https://repo.jenkins-ci.org/artifactory/incrementals/org/jenkins-ci/plugins/role-strategy/716.va_519735f6b_7c/role-strategy-716.va_519735f6b_7c.hpi resolves the problem? I don't have access to Azure so I can't test this myself.

          Oleksandr K. added a comment -

          Thank you! I tested it and now it represents group by display name! That's exactly what we wanted.

          Oleksandr K. added a comment - Thank you! I tested it and now it represents group by display name! That's exactly what we wanted.

            mawinter69 Markus Winter
            boston_aqua Oleksandr K.
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: