Allow SAML auth to set admin/staff roles on create user

Bug #1855560 reported by Robert Lyon on 2019-12-07
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Wishlist
Robert Lyon

Bug Description

If the IdP authentication packet contains roles we can map those roles via the SAML auth instance config form to set user as site admin or site staff or institution admin or institution staff on creation.

Robert Lyon (robertl-9) on 2019-12-07
Changed in mahara:
status: New → In Progress
importance: Undecided → Wishlist
assignee: nobody → Robert Lyon (robertl-9)
milestone: none → 20.04.0
Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/10700

Reviewed: https://reviews.mahara.org/10653
Committed: https://git.mahara.org/mahara/mahara/commit/b56e075089c2081e461bbde446d19564a22e8d87
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit b56e075089c2081e461bbde446d19564a22e8d87
Author: Robert Lyon <email address hidden>
Date: Sun Dec 8 10:44:01 2019 +1300

Bug 1855560: Allow SAML user creation to also set the role

Currently only set up to map external roles to internal roles of
- admin
- staff
- institution admin
- institution staff

behatnotneeded

Change-Id: I4ce31faa46ba116de6669364604d55754d8edb6a
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9) on 2020-01-23
Changed in mahara:
status: In Progress → Fix Committed
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/10700
Committed: https://git.mahara.org/mahara/mahara/commit/2641c9be73902eba356039b8fbddd8c6ec1dadf5
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit 2641c9be73902eba356039b8fbddd8c6ec1dadf5
Author: Robert Lyon <email address hidden>
Date: Thu Jan 9 09:53:22 2020 +1300

Bug 1855560: SAML role prefix to only allow certain users login access

If the IdP only wants certain users to be able to login and have user
creation in Mahara then their roles need to have a prefix.

We check users on authentication to make sure any of their roles are
allowed and if not stop them from logging in.

behatnotneeded

Change-Id: Ibb892849d245e2580480d20ca04606db3aeb6ff4
Signed-off-by: Robert Lyon <email address hidden>

tags: added: nominatedfeature
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers