Mahara

Allow SAML auth to set admin/staff roles on create user

Bug #1855560 reported by Robert Lyon on 2019-12-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	Wishlist	Robert Lyon	Mahara 20.04.0

Bug Description

If the IdP authentication packet contains roles we can map those roles via the SAML auth instance config form to set user as site admin or site staff or institution admin or institution staff on creation.

Tags:

Robert Lyon (robertl-9) on 2019-12-07

Changed in mahara:
status:	New → In Progress
importance:	Undecided → Wishlist
assignee:	nobody → Robert Lyon (robertl-9)
milestone:	none → 20.04.0

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2019-12-07: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/10653

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2020-01-08:

Patch for "master" branch: https://reviews.mahara.org/10700

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2020-01-23: A change has been merged

Reviewed: https://reviews.mahara.org/10653
Committed: https://git.mahara.org/mahara/mahara/commit/b56e075089c2081e461bbde446d19564a22e8d87
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit b56e075089c2081e461bbde446d19564a22e8d87
Author: Robert Lyon <email address hidden>
Date: Sun Dec 8 10:44:01 2019 +1300

Bug 1855560: Allow SAML user creation to also set the role

Currently only set up to map external roles to internal roles of
- admin
- staff
- institution admin
- institution staff

behatnotneeded

Change-Id: I4ce31faa46ba116de6669364604d55754d8edb6a
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9) on 2020-01-23

Changed in mahara:
status:	In Progress → Fix Committed

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2020-01-27:

Reviewed: https://reviews.mahara.org/10700
Committed: https://git.mahara.org/mahara/mahara/commit/2641c9be73902eba356039b8fbddd8c6ec1dadf5
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit 2641c9be73902eba356039b8fbddd8c6ec1dadf5
Author: Robert Lyon <email address hidden>
Date: Thu Jan 9 09:53:22 2020 +1300

Bug 1855560: SAML role prefix to only allow certain users login access

If the IdP only wants certain users to be able to login and have user
creation in Mahara then their roles need to have a prefix.

We check users on authentication to make sure any of their roles are
allowed and if not stop them from logging in.

behatnotneeded

Change-Id: Ibb892849d245e2580480d20ca04606db3aeb6ff4
Signed-off-by: Robert Lyon <email address hidden>

Kristina Hoeppner (kris-hoeppner) on 2020-04-01

tags:

added: nominatedfeature

Cecilia Vela Gurovic (ceciliavg) on 2020-04-29

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.