- Issue created by @khaled.zaidan
- Status changed to Needs review
1:45pm 20 March 2024
We ran into an issue where AD suddenly stopped providing any group information in the API response. Aside from the group ID, all values were null.
It took us a while to discover what was happening. It took technical expertise and debugging to confirm what the issue was.
It would be very helpful if the module is able to report/log this issue so it's easily visible through the admin interface.
1. Set up login with Windows AAD
2. Add manual mapping between user groups and user roles. Use the displayName of the group(s).
3. Revoke the app's permission to see user group information (sorry, I don't have the full detail of this step; see link below).
4. Try to log in using Windows AAD.
Result: user roles are not assigned as expected (might be revoked if strict mode is enabled).
Link: https://learn.microsoft.com/en-us/answers/questions/1389308/microsoft-gr...
Add flags in the code to detect the displayName being empty AND any mappings using what looks like display names (i.e. doesn't match the UUID pattern).
If both flags are raised, log a message in watchdog and add an item on the status report page.
Review/testing
New possible item on status report page. See attached screenshot.
1.0
Code
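
One way to implement the two-flag check proposed in this issue, as an added example that is not the module's own code. The function names, array shapes and sample values are assumptions; in the module the resulting message would go to watchdog and the status report page rather than being printed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; not part of the module's API.
const UUID_PATTERN = '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i';

/** TRUE when a mapping key is not a UUID, i.e. it looks like a display name. */
function looks_like_display_name(string $key): bool {
  return preg_match(UUID_PATTERN, trim($key)) !== 1;
}

/**
 * @param array $groups  Group records decoded from the API response.
 * @param array $mapping Group key (ID or displayName) => role ID.
 */
function check_group_name_visibility(array $groups, array $mapping): array {
  // Flag 1: groups that came back without a usable displayName.
  $missing = [];
  foreach ($groups as $group) {
    if (trim((string) ($group['displayName'] ?? '')) === '') {
      $missing[] = (string) ($group['id'] ?? '');
    }
  }
  // Flag 2: mappings keyed by something other than a group UUID.
  $keys = array_map('strval', array_keys($mapping));
  $name_mappings = array_values(array_filter($keys, 'looks_like_display_name'));

  return [
    'groups_without_name' => $missing,
    'name_based_mappings' => $name_mappings,
    // Warn only when both flags are raised.
    'warn' => $missing !== [] && $name_mappings !== [],
  ];
}

// Constructed sample: the response carries only group IDs, as in the report.
$groups = [
  ['id' => '11111111-2222-3333-4444-555555555555', 'displayName' => null],
  ['id' => 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee', 'displayName' => null],
];
$mapping = [
  'Site Editors' => 'editor',
  'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' => 'administrator',
];

$result = check_group_name_visibility($groups, $mapping);
if ($result['warn']) {
  printf("%d group(s) returned without displayName; name-based mappings cannot match: %s\n",
    count($result['groups_without_name']), implode(', ', $result['name_based_mappings']));
}
```

Mappings keyed by group ID keep working when display names are withheld, which is why the warning requires both flags.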