I was wondering if there is any support for, or planned way to support nested groups? The setup we are running is using google as our SSO, and set the app.sso_google_mode
to ‘“groups”’. The issue that we are having is that if a user is part of group X, and group X is added to group Y, where group Y is what is configured in pritunl, the user cannot access pritunl. Am i missing something, or is this a limitation somewhere?
I don’t see anything in the Google API to retrieve nested groups this likely won’t be added.
1 Like
Perhaps the Pritunl server could search for a user’s groups recursively, up to a certain depth? A depth of 0 would be equivalent to the current behaviour where only a user’s direct group memberships are taken into account.
In Google Workspace, groups are also entities. We should be able to list the groups a group is a member of and recurse up to a point.
Hashicorp Vault does this for GSuite OIDC auth, for instance: vault-plugin-auth-jwt/provider_gsuite.go at ab76cf59ee3962b406c617fcc6b8d4ee1dbdcb6e · hashicorp/vault-plugin-auth-jwt · GitHub
Do you think this could be feasible?