OpenID OIDC: Limit user group info sent to application
Describe your question/
I use RDP gateway with OpenID. But RDP gateway can't handle users having like 16 groups because it sets this info in a secure cookie and then it gets too much info.
I would like authentik to only send user groups that start with VDI when that provider is used, but I don't know how and if it's even possible.
Any other solution is also appreciated.
You can create a custom property mapping and bind it to your provider (here groups are mapped into the "roles" claim for better troubleshooting). The code below strips the prefix from the group name as well.
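```python
prefix = 'VDI'
roles = []
for group in request.user.ak_groups.filter(name__startswith=prefix):
    # strip prefix from group name; '^' anchors the match to the start of the name
    roles.append(regex_replace(group.name, '^' + prefix, ''))
# the keys of the returned dict become claims in the token
return {
    "roles": roles,
}
```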
See https://24xsiempre.com/en/kasten-k10-authentik/ for details.