Commit 6389e53d authored by Piers Harding's avatar Piers Harding

auth/saml: add flag to choose matching against remote user or

real username
parent c3a944ca
......@@ -197,7 +197,9 @@ function simplesaml_init($saml_config, $valid_saml_session, $saml_attributes, $a
// find the one (it should be only one) that has the right field, and the right field value for institution
$instance = false;
$institutions = array();
foreach ($instances as $row) {
$institutions[]= $row->instance.':'.$row->institution.':'.$row->value;
if (isset($saml_attributes[$row->value])) {
// does this institution use a regex match against the institution check value?
if ($configvalue = get_record('auth_instance_config', 'instance', $row->instance, 'field', 'institutionregex')) {
......@@ -232,6 +234,8 @@ function simplesaml_init($saml_config, $valid_saml_session, $saml_attributes, $a
}
}
if (!$instance) {
log_warn("auth/saml: could not find an authinstance from: " . join(", ", $institutions));
log_warn("auth/saml: could not find the saml institutionattribute for user: ".var_export($saml_attributes, true));
throw new UserNotFoundException(get_string('errorbadinstitution','auth.saml'));
}
try {
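Review bot: The second added `log_warn` call writes `var_export($saml_attributes, true)` to the log, which is the full attribute set the IdP released for the person whose login just failed, typically including names, e-mail addresses and identifiers. The diagnostic only needs to show which attribute names arrived, so I would log `join(", ", array_keys($saml_attributes))` instead; the `$institutions` list printed by the first call already shows what was expected. The values are IdP-supplied text, and whether `log_warn` neutralises line breaks in them is not visible here, which is another reason to keep them out of the log. `simplesaml_init` begins and ends outside this hunk.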
......@@ -249,4 +253,4 @@ function simplesaml_init($saml_config, $valid_saml_session, $saml_attributes, $a
}
}
?>
\ No newline at end of file
?>
......@@ -34,6 +34,7 @@ $string['errorretryexceeded'] = 'Maximum number of retries exceeded (%s) - there
$string['errnosamluser'] = 'No User found';
$string['errorbadlib'] = 'SimpleSAMLPHP lib directory %s is not correct.';
$string['errorbadconfig'] = 'SimpleSAMLPHP config directory %s is in correct.';
$string['errorbadcombo'] = 'You can only choose user auto creation if you have not selected remoteuser';
//$string['idpidentity'] = 'IdP Identity Service';
$string['institutionattribute'] = 'Institution attribute (contains "%s")';
$string['institutionvalue'] = 'Institution value to check against attribute';
......@@ -48,4 +49,5 @@ $string['userattribute'] = 'User attribute';
$string['simplesamlphplib'] = 'SimpleSAMLPHP lib directory';
$string['simplesamlphpconfig'] = 'SimpleSAMLPHP config directory';
$string['weautocreateusers'] = 'We auto-create users';
$string['remoteuser'] = 'Match username attribute to Remote username';
?>
<h3>Remote user</h3>
<p>Match the user attribute value to the remote username field assigned to a given user (not the real Mahara user name). </p>
......@@ -47,6 +47,8 @@ class AuthSaml extends Auth {
$this->config['institutionregex'] = 0;
$this->config['institutionvalue'] = '';
$this->config['updateuserinfoonlogin'] = 1;
$this->config['remoteuser'] = false;
$this->instanceid = $id;
if (!empty($id)) {
return $this->init($id);
......@@ -135,7 +137,13 @@ class AuthSaml extends Auth {
}
}
$user->find_by_username($remoteuser);
$isremote = $this->config['remoteuser'] ? true : false;
if ($isremote) {
$user->find_by_instanceid_username($this->instanceid, $remoteuser, $isremote);
}
else {
$user->find_by_username($remoteuser);
}
if ($user->get('suspendedcusr')) {
die_info(get_string('accountsuspended', 'mahara', strftime(get_string('strftimedaydate'), $user->get('suspendedctime')), $user->get('suspendedreason')));
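Review bot: The `else` branch still calls `$user->find_by_username($remoteuser)` with no auth-instance argument, while the new branch passes `$this->instanceid`, so with the flag off the IdP-asserted attribute appears to be matched against every local username. Unless code outside this hunk checks that the user found belongs to this instance, one institution's IdP is being trusted for accounts it does not own. I would compare the found user's auth instance with `$this->instanceid` after the lookup, or at least document the trust assumption with `// username lookup is not scoped to this auth instance`. As a smaller point, `$isremote = !empty($this->config['remoteuser']);` is a plainer way to write the cast. The enclosing method starts and ends outside the hunk.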
......@@ -263,7 +271,7 @@ class PluginAuthSaml extends PluginAuth {
'simplesamlphplib' => '',
'simplesamlphpconfig' => '',
'user_attribute' => '',
'weautocreateusers' => 1,
'weautocreateusers' => 0,
'firstnamefield' => '',
'surnamefield' => '',
'emailfield' => '',
......@@ -272,6 +280,7 @@ class PluginAuthSaml extends PluginAuth {
'institutionattribute' => '',
'institutionvalue' => '',
'institutionregex' => 0,
'remoteuser' => 0,
);
public static function has_config() {
......@@ -401,6 +410,12 @@ class PluginAuthSaml extends PluginAuth {
'defaultvalue' => self::$default_config['user_attribute'],
'help' => true,
),
'remoteuser' => array(
'type' => 'checkbox',
'title' => get_string('remoteuser', 'auth.saml'),
'defaultvalue' => self::$default_config['remoteuser'],
'help' => true,
),
'updateuserinfoonlogin' => array(
'type' => 'checkbox',
'title' => get_string('updateuserinfoonlogin', 'auth.saml'),
......@@ -458,6 +473,11 @@ class PluginAuthSaml extends PluginAuth {
$form->set_error('simplesamlphpconfig', get_string('errorbadconfig', 'auth.saml', $values['simplesamlphpconfig']));
}
}
if (isset($values['weautocreateusers'])) {
if ($values['weautocreateusers'] && $values['remoteuser']) {
$form->set_error('weautocreateusers', get_string('errorbadcombo', 'auth.saml'));
}
}
}
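Review bot: The inner condition reads `$values['remoteuser']` without the `isset` guard that the outer `if` applies to `weautocreateusers`, so the two options are handled differently for no visible reason. `if (!empty($values['weautocreateusers']) && !empty($values['remoteuser'])) {` covers both keys and removes one nesting level. The exclusion is enforced only when this form is validated; in the lines visible on this page the login path reads `$this->config['remoteuser']` without consulting `weautocreateusers`. A one-line comment here saying the rule is enforced at configuration time only would help the next reader. The validation function begins outside the hunk.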
......@@ -507,6 +527,7 @@ class PluginAuthSaml extends PluginAuth {
self::$default_config = array('user_attribute' => $values['user_attribute'],
'weautocreateusers' => $values['weautocreateusers'],
'remoteuser' => $values['remoteuser'],
'firstnamefield' => $values['firstnamefield'],
'surnamefield' => $values['surnamefield'],
'emailfield' => $values['emailfield'],
......