2.0.0

@github-actions github-actions released this 04 Jun 10:20
2.0.0
2c60208

This release changes how the data of users who signed in via OAuth2 Proxy is stored in Nexus.

Before, the plugin tried to be smart by reusing the Nexus local DB. That worked to some extent but had two major drawbacks:

  • you could not distinguish between "real" local users and those who came via the proxy (the source attribute was default for both)
  • you needed to prefix your role names with idp- (again to distinguish them, because the source could not be properly persisted)

It was simply not possible to make use of the source attribute of users and roles because it gets overwritten in several places in internal Nexus code.

Now there is a dedicated OrientDB database for all purposes of this plugin, which also allows for a separate API token store for the user, so the original password field no longer needs to be abused. The hashing is done the same way as for the original password file, though, so no clear-text tokens are stored.

Programmatic access is now handled by the plugin itself. Before, the original mechanism of Nexus was used by simply not touching those requests. The behavior remains the same, but internally the matching is done against the new API token column.
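The token handling described in the two paragraphs above, sketched in Python as an added illustration; it is not the plugin's code. The class and function names, the PBKDF2 parameters and the use of HTTP Basic credentials for programmatic access are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor, not the plugin's setting


class ProxyUserTokenStore:
    """Stand-in for the plugin's dedicated store; keeps only salted token hashes."""

    def __init__(self):
        self._rows = {}  # user id -> (salt, hash): the "API token column"

    def issue_token(self, user_id):
        """Create a token, persist its hash, return the clear text exactly once."""
        token = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        self._rows[user_id] = (salt, self._hash(token, salt))
        return token

    @staticmethod
    def _hash(token, salt):
        return hashlib.pbkdf2_hmac("sha256", token.encode(), salt, ITERATIONS)

    def verify(self, user_id, token):
        row = self._rows.get(user_id)
        if row is None:
            # Unknown user: hash anyway so the response time stays similar.
            self._hash(token, b"\0" * 16)
            return False
        salt, stored = row
        return hmac.compare_digest(stored, self._hash(token, salt))

    def stored_values(self):
        return [digest for _, digest in self._rows.values()]


def authenticate_basic(store, authorization_header):
    """Return the user id for a valid 'Basic user:token' header, else None."""
    scheme, _, payload = authorization_header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(payload, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user_id, sep, token = raw.partition(":")
    return user_id if sep and store.verify(user_id, token) else None
```

Because only the salted hash is kept, a lost token cannot be read back from the store and has to be reissued.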

Role mapping now works with the original "external role mapping" feature, as it does for sources like LDAP. The dropdown that offers role names is populated with the group names picked up from people signing in, so if one you expect is missing, have someone who has that group sign in. In the future it could make sense to provide an endpoint for extending that list without a user login.