Issue Description
Customer configured TIBCO JasperReports® Server to perform external authentication with LDAP per Authentication Cookbook.
As a part of the configuration, he specified mapping an external role (LDAP group) to system administrator role via the organizationRoleMap property of the mtExternalUserSetupProcessor bean:
<property name="organizationRoleMap"> <map> <!-- Example of mapping customer roles to JRS roles --> <entry> <key> <value>Chemist Admin</value> </key> <!-- JRS role that the <key> external role is mapped to--> <value>ROLE_ADMINISTRATOR</value> </entry> </map> </property>[/code]
But when an LDAP user from 'Chemist Admin' group logged into TIBCO JasperReports® Server, ROLE_ADMINISTRATOR system role was not assigned to him per the configuration.
Resolution
Before processing external role, TIBCO JasperReports® Server performs additional actions with the role name:
- add ROLE_ prefix to the name
- capitalize role name
As a result, the key should be a role name that your mapping creates, after adding the prefix and capitalization:
<property name="organizationRoleMap"> <map> <!-- Example of mapping customer roles to JRS roles --> <entry> <key> <value>ROLE_CHEMIST ADMIN</value> </key> <!-- JRS role that the <key> external role is mapped to--> <value>ROLE_ADMINISTRATOR</value> </entry> </map> </property>[/code]
Solution tested with TIBCO JasperReports® Server v.7.2.0
AS-20190815
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now