Allow SAML auth to set admin/staff roles on create user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| Mahara |
Wishlist
|
Robert Lyon |
Bug Description
If the IdP authentication packet contains roles we can map those roles via the SAML auth instance config form to set user as site admin or site staff or institution admin or institution staff on creation.
Changed in mahara: | |
status: | New → In Progress |
importance: | Undecided → Wishlist |
assignee: | nobody → Robert Lyon (robertl-9) |
milestone: | none → 20.04.0 |
Mahara Bot (dev-mahara) wrote : | #2 |
Patch for "master" branch: https:/
Reviewed: https:/
Committed: https:/
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master
commit b56e075089c2081
Author: Robert Lyon <email address hidden>
Date: Sun Dec 8 10:44:01 2019 +1300
Bug 1855560: Allow SAML user creation to also set the role
Currently only set up to map external roles to internal roles of
- admin
- staff
- institution admin
- institution staff
behatnotneeded
Change-Id: I4ce31faa46ba11
Signed-off-by: Robert Lyon <email address hidden>
Changed in mahara: | |
status: | In Progress → Fix Committed |
Mahara Bot (dev-mahara) wrote : | #4 |
Reviewed: https:/
Committed: https:/
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master
commit 2641c9be73902eb
Author: Robert Lyon <email address hidden>
Date: Thu Jan 9 09:53:22 2020 +1300
Bug 1855560: SAML role prefix to only allow certain users login access
If the IdP only wants certain users to be able to login and have user
creation in Mahara then their roles need to have a prefix.
We check users on authentication to make sure any of their roles are
allowed and if not stop them from logging in.
behatnotneeded
Change-Id: Ibb892849d245e2
Signed-off-by: Robert Lyon <email address hidden>
tags: | added: nominatedfeature |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
Patch for "master" branch: https:/ /reviews. mahara. org/10653