On log-in of OIDC users, an entry in the identities table gets created. Currently, there is no way to remove those entries. This might be problematic if the user in the external identity provider was removed and an administrator wants to clean up the entries in LXD.
The suggestion is to add an endpoint that allows removing OIDC identities.
There are a number of options for removing OIDC identities:
Add a task to clean up OIDC identities that have not been seen for a configurable period and are not members of a LXD group.
Add an endpoint so that an administrator can remove them manually. If they are still present at the IdP level this will have the effect of revoking all LXD group membership, but it will not have any effect if permissions are configured using IdP group mappings.
Use SCIM as suggested by @mseralessandri. We should be careful to add a backup for this as it may not be supported by all IdPs.
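A sketch of the selection rule the first option describes, added here as an illustration and not taken from LXD's code base. The `Identity` struct, its `LastSeen` field and the function names are hypothetical, and the sample rows are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// Identity is a hypothetical, simplified stand-in for a row in the identities table.
type Identity struct {
	Identifier string    // constructed sample value, e.g. an e-mail address
	AuthMethod string    // "oidc" or "tls"
	LastSeen   time.Time // assumed field: time of the last successful log-in
	Groups     []string  // LXD groups assigned directly to the identity
}

// StaleOIDCIdentities returns the identifiers a cleanup task could remove:
// OIDC identities not seen for at least maxAge that belong to no LXD group.
// A non-positive maxAge disables cleanup so an unset option removes nothing.
func StaleOIDCIdentities(ids []Identity, now time.Time, maxAge time.Duration) []string {
	stale := []string{}
	if maxAge <= 0 {
		return stale
	}
	for _, id := range ids {
		if id.AuthMethod != "oidc" || len(id.Groups) > 0 {
			continue // other auth methods and group members are never touched
		}
		if now.Sub(id.LastSeen) >= maxAge {
			stale = append(stale, id.Identifier)
		}
	}
	return stale
}

// sampleIdentities builds constructed rows relative to now.
func sampleIdentities(now time.Time) []Identity {
	day := 24 * time.Hour
	return []Identity{
		{"alice@example.com", "oidc", now.Add(-200 * day), nil},
		{"bob@example.com", "oidc", now.Add(-200 * day), []string{"operators"}},
		{"carol@example.com", "oidc", now.Add(-10 * day), nil},
		{"dave-cert", "tls", now.Add(-400 * day), nil},
	}
}

func main() {
	now := time.Now()
	fmt.Println(StaleOIDCIdentities(sampleIdentities(now), now, 90*24*time.Hour))
}
```

As the second option notes, removing a row this way does not affect permissions granted through IdP group mappings, so a user who still exists at the IdP would get a new entry on the next log-in.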
tomponline changed the title from "Auth: Remove OIDC identities." to "Auth: Remove OIDC identities" on May 3, 2024