AWS has a character limit that is applied to the Tag value, which is where the groups are mapped from when utilizing the AWS Group Mapper. This is a fixed limit on AWS's side.
This is a scaling issue when an organization has a larger set of groups assigned to users. The current implementation of the AWS Group Mapper creates a colon-delimited list of all the groups of a user, regardless of whether they are needed or not.
@ntwkninja suggested a change of the implementation of the mapper to require the string -aws- in the Keycloak group if it's needed for AWS, and the mapper would only grab the groups with that string.
This would be a breaking change (@ntwkninja is the only user at this point, so not a big problem) and require some documentation; it also might introduce duplicity of groups if a group is already defined without the aws string. Generally speaking though, it doesn't seem too far-fetched to have this requirement.
@rjferguson21 @bburky @mjnagel
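The filtering proposed in this issue, sketched as an added example (not code from the issue or from the project's mapper): it builds the colon-delimited value both ways and rejects a value that exceeds the limit instead of sending it. The class and method names are hypothetical, the group names are constructed, and the 256-character limit is an assumption, since the issue does not state the number.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;

public class AwsGroupTagExample {
    // Marker proposed in the issue: only groups containing it are sent to AWS.
    static final String MARKER = "-aws-";
    // Assumption: the issue gives no number; 256 stands in for the tag value limit.
    static final int MAX_TAG_VALUE_LENGTH = 256;

    // Behaviour described in the issue: every group of the user, colon-delimited.
    static String joinAll(List<String> groups) {
        return String.join(":", groups);
    }

    // Proposed behaviour: keep only groups whose name contains the marker.
    // Groups without the marker are dropped, which is the breaking change.
    static String joinAwsOnly(List<String> groups) {
        return groups.stream()
                .filter(g -> g.contains(MARKER))
                .collect(Collectors.joining(":"));
    }

    // Reject an over-long value rather than truncate it: a cut-off list
    // would no longer describe the user's real group membership.
    static String requireWithinLimit(String tagValue) {
        if (tagValue.length() > MAX_TAG_VALUE_LENGTH) {
            throw new IllegalStateException("tag value is " + tagValue.length()
                    + " chars, limit is " + MAX_TAG_VALUE_LENGTH);
        }
        return tagValue;
    }

    public static void main(String[] args) {
        // Constructed sample: 40 unrelated groups plus two AWS-relevant ones.
        List<String> groups = new ArrayList<>();
        for (int i = 0; i < 40; i++) {
            groups.add("team-" + i + "-developers");
        }
        groups.add("platform-aws-admins");
        groups.add("data-aws-readonly");

        System.out.println("filtered value: " + requireWithinLimit(joinAwsOnly(groups)));
        try {
            requireWithinLimit(joinAll(groups));
        } catch (IllegalStateException e) {
            System.out.println("unfiltered rejected: " + e.getMessage());
        }
    }
}
```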