From: Yogesh Mahajan
Date: Tue, 1 Apr 2025 10:00:02 +0530
Subject: Re: Pgadmin4 Webserver Authentication + Azure SAML SSO , anyone ever managed to configure it?
To: Viktor Madarasz
Cc: "pgadmin-support@lists.postgresql.org"

Hi,

pgadmin4 only uses Azure AD for authentication. However, users logged in with Azure SSO (or any OAuth2) are the normal users who have all the access other than adding new users.
Not sure what exactly you mean by 'Read only profiles'? What are the limitations you have seen in pgadmin?

Thanks,
Yogesh Mahajan
EnterpriseDB

On Mon, Mar 31, 2025 at 6:26 PM Viktor Madarasz wrote:

> Hi
>
> Pgadmin4 Webserver Authentication + Azure SAML SSO , anyone ever managed
> to configure it?
>
> Trying to switch IdP Provider from Onelogin (working right now with
> Pgadmin4 + Webserver Authentication + Onelogin as IdP provider) to Azure
> SAML SSO.
>
> It looks like the mapped attributes might be the one causing the issue
> coming from Azure side.
>
> The username in a form of firstname.lastname@domain.com gets parsed
> correctly but the actual group memberships are not being passed along and
> therefore users are being logged in with read only profiles and it does not
> respect their group memberships.
>
> Regards
>
> Viktor