Group claim duplication when using Negotiate authentication on Linux AD domain member with LDAP #55705

Open
1 task done
y4r9 opened this issue May 14, 2024 · 0 comments · May be fixed by #55707
y4r9 commented May 14, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

When using the Negotiate authentication on a Linux AD domain member with LDAP claim resolution as described at link, the nested groups are resolved multiple times, because in file aspnetcore/src/Security/Authentication/Negotiate/src/Internal/LdapAdapter.cs on line 73 a new HashSet is created in every iteration of the surrounding foreach loop. Furthermore, on Windows the claims contain the SIDs of the groups instead of the names, whereas on Linux only the group names are returned. To allow for more portable code, adding the SIDs would be helpful.

Expected Behavior

  • Unique group claims should be returned upon authentication.
  • Object SIDs should be added to the claims to allow for portable claim-based/policy-based authorization.

Steps To Reproduce

No response

Exceptions (if any)

No response

.NET Version

8.0.204

Anything else?

No response

@y4r9 y4r9 linked a pull request May 14, 2024 that will close this issue
@MackinnonBuck MackinnonBuck added this to the Backlog milestone May 22, 2024
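
The duplication mechanism described in the report, as an added example that is not the code in LdapAdapter.cs and not part of the original issue: a simplified model that compares a `HashSet` created per loop iteration with one shared across the loop. The group graph is constructed, and the names `MemberOf`, `Resolve`, `PerIterationSet` and `SharedSet` are hypothetical.

```csharp
// Added illustration: a simplified model, not the project's LdapAdapter code.
using System;
using System.Collections.Generic;

static class NestedGroupDemo
{
    // Constructed directory: group name -> groups it is itself a member of.
    static readonly Dictionary<string, string[]> MemberOf = new()
    {
        ["Developers"] = new[] { "Staff" },
        ["Operators"]  = new[] { "Staff" },
        ["Staff"]      = new[] { "AllUsers" },
        ["AllUsers"]   = Array.Empty<string>(),
    };

    // Emits one claim per group reached, skipping groups already in 'processed'.
    static void Resolve(string group, List<string> claims, HashSet<string> processed)
    {
        if (!processed.Add(group)) return; // seen during this set's lifetime
        claims.Add(group);
        foreach (var parent in MemberOf[group])
            Resolve(parent, claims, processed);
    }

    // Pattern from the report: a fresh set for every direct group, so a parent
    // shared by two direct groups is walked and emitted once per direct group.
    static List<string> PerIterationSet(IEnumerable<string> directGroups)
    {
        var claims = new List<string>();
        foreach (var g in directGroups)
            Resolve(g, claims, new HashSet<string>());
        return claims;
    }

    // One set for the whole loop: each group is walked and emitted once.
    static List<string> SharedSet(IEnumerable<string> directGroups)
    {
        var claims = new List<string>();
        var processed = new HashSet<string>();
        foreach (var g in directGroups)
            Resolve(g, claims, processed);
        return claims;
    }

    static void Main()
    {
        var direct = new[] { "Developers", "Operators" }; // constructed user
        Console.WriteLine(string.Join(", ", PerIterationSet(direct)));
        Console.WriteLine(string.Join(", ", SharedSet(direct)));
    }
}
```

In this model the per-iteration variant emits `Staff` and `AllUsers` twice, once for each direct group that leads to them, while the shared-set variant emits each group once.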