Commit 926b8d81 authored by Robert Lyon's avatar Robert Lyon Committed by Cecilia Vela Gurovic

Bug 1855556: Allowing minimal SAML input to create new user

Having a flag that can be set for the site so a saml instance that
creates new users can do so with only username / institution present
in the authentication packet

behatnotneeded

Change-Id: Id3942a8e3388b2ccee8d97d37200bca8fa312914
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 4e24b183
......@@ -240,9 +240,11 @@ class AuthSaml extends Auth {
$user->email = $email;
$user->studentid = $studentid;
// must have these values
if (empty($firstname) || empty($lastname) || empty($email)) {
throw new AccessDeniedException(get_string('errormissinguserattributes1', 'auth.saml', get_config('sitename')));
// must have these values - unless creating a user with username only
if (!get_config('saml_create_minimum_user')) {
if (empty($firstname) || empty($lastname) || empty($email)) {
throw new AccessDeniedException(get_string('errormissinguserattributes1', 'auth.saml', get_config('sitename')));
}
}
$user->authinstance = empty($this->config['parent']) ? $this->instanceid : $this->parent;
......
......@@ -814,3 +814,12 @@ $cfg->sessionhandler = 'file';
* Set as a comma seperated string of valid file extensions
*/
//$cfg->validfiletypes = 'doc,docx,gif,jpeg,jpg,m4a,mp3,mp4,pdf,png'; // for example
/**
* Allow the creation of a user with minimum details from SAML
* With modern privacy laws some IdPs will not include identifying things like firstname/lastname,
* email address in their minimum packet of info about an authenticated user.
* Mahara expect these to exist to create a new user.
* To get passed this, by allowing just a unique identifier/username, we set the follwing flag
*/
// $cfg->saml_create_minimum_user=true;
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment