Fix user role not updated by gatekeeper #344

Closed
filippomc opened this issue Oct 8, 2021 · 1 comment · Fixed by #379

filippomc commented Oct 8, 2021

If a user role is updated on Keycloak, the gatekeeper does not see the change.
Let's say that a user tries to access an application A which is not allowed -> 403 page.
If the admin gives the role that authorizes the user to enter the application and the user refreshes the page, still the user is not authorized.

So the gatekeeper uses old information (probably cached) about the user to check the access.

Possible solutions:

  • Reduce the time the gatekeeper refreshes the user information from Keycloak
  • Improve the 403 page by giving a logout link so that the user can retry.

filippomc added the enhancement and scope:accounts labels on Jan 11, 2022
filippomc assigned zsinnema and filippomc and unassigned zsinnema on Jan 14, 2022

filippomc commented

The Keycloak parameter "access token lifespan" defines the expiration time for the token used by the gatekeeper.

filippomc added this to the v1.0.0 milestone on Jan 19, 2022
filippomc linked a pull request on Jan 27, 2022 that will close this issue
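
Added example (not from the issue or the project's code): a sketch of why the role change stays invisible, assuming the gatekeeper authorizes from the `realm_access.roles` claim frozen in the access token instead of querying Keycloak on each request. The tokens, timestamps and the role name `app-a-user` are constructed for illustration.

```python
import base64
import json

def _seg(obj):
    """Base64url-encode one JWT segment (used only to build the sample)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(issued_at, lifespan, roles):
    """Constructed token; the signature segment is a placeholder."""
    claims = {"iat": issued_at, "exp": issued_at + lifespan,
              "realm_access": {"roles": roles}}
    return ".".join([_seg({"alg": "RS256", "typ": "JWT"}), _seg(claims), "sig"])

def decode_claims(token):
    """Read the payload for inspection (no signature check here)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))

def proxy_allows(token, required_role, now):
    """True/False from the roles frozen in the token; None once it has
    expired and a fresh token must be obtained from Keycloak."""
    claims = decode_claims(token)
    if now >= claims["exp"]:
        return None
    return required_role in claims.get("realm_access", {}).get("roles", [])

def stale_window(token, role_changed_at):
    """Seconds a role change made at role_changed_at stays invisible."""
    claims = decode_claims(token)
    return max(0, claims["exp"] - max(role_changed_at, claims["iat"]))

# Constructed scenario: login at T0, admin grants the role 30 s later.
T0 = 1_700_000_000
GRANTED_AT = T0 + 30
TOKEN_5MIN = make_sample_token(T0, 300, ["offline_access"])
TOKEN_1MIN = make_sample_token(T0, 60, ["offline_access"])

if __name__ == "__main__":
    for name, tok in (("300 s", TOKEN_5MIN), ("60 s", TOKEN_1MIN)):
        print(name, "lifespan: allowed after grant =",
              proxy_allows(tok, "app-a-user", GRANTED_AT + 10),
              "| stale for", stale_window(tok, GRANTED_AT), "s")
```

Under the same assumption, the window also applies when a role is removed, so the access token lifespan bounds how long revoked access keeps working.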