Comments (4)
This is intended, we'll need to add this as a "breaking" change to the release notes @rissson @tanberry
from authentik.
Thanks for clarifying @BeryJu .
I still think that having groups with the same name could be useful in some scenarios, for example using nested groups.
Is there any technical or design reason which cause the removal of this feature?
Without this feature, nesting groups may be less useful, and users will end up using a flat group setup..
This feature is also beneficial for mapping groups to Apps. For instance, OIDC apps obtain group names via claims. If group names are unique, OIDC applications may end up with unnatural group names, such as /org/division/administrators instead of simply administrators. While this issue can be resolved through policies, it requires additional effort.
from authentik.
@marcportabellaclotet-mt the main reason fir this is compatibility with external systems (it was changed as part of adding GWS support), as with a lot of external systems that are also identity providers (like google workspace and entra), group names are unique. Also with how groups are currently returned in scopes and in the API it can be quite difficult to differentiate two different groups with the same name (when not using the UUID). This might be something we'll revisit in the future or make configurable in the future
from authentik.
That makes a lot of sense.
Making this configurable could be useful for different scenarios.
Thanks for the explanation @BeryJu .
from authentik.
Related Issues (20)
- [Guacamole] Rejected OpenID Token HOT 1
- Unable to use application via proxy provider HOT 1
- SAML: Failed to verify Metadata Signature results in Python KeyError results in 405 Metthod not allowed
- Select All Checkbox in "Select permissions to assign" seems broken
- Improve Group Membership Management UI to Display Full Group Path HOT 1
- Provide the deleted model state in the event context
- website/docs: integrations: gitea: specify callback url
- Failed attempts is NOT working When Password stage is in Identification Stage
- Parsing error while sending notification mails when display name contains square brackets HOT 1
- Deleted application is still displayed on the dashboard. HOT 1
- Launch URL leads to broken login
- Radius: can't set a password of 128+ characters
- Unable to link discord from settings
- Scriptable property mappings for LDAP outpost HOT 2
- OAuth2/OpenID custom mapping can't serialize python set to JSON
- Support a self-hosted CAPTCHA provider like mCaptcha
- Brand attributes aren't being applied when authenticating through its domain HOT 1
- Notification-transport error HOT 1
- Login form HTML escaping issue HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authentik.