diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 87dd4e850..7f67fd225 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -87,7 +87,7 @@ jobs: options: '--network-alias=drupal8ci' services: selenium: - image: selenium/standalone-chrome + image: selenium/standalone-chrome:115.0 options: '--shm-size="2g"' mysql: image: mysql:5.7 diff --git a/composer.json b/composer.json index 0e93ee69e..26281045c 100644 --- a/composer.json +++ b/composer.json @@ -162,7 +162,7 @@ "su-sws/stanford_media": "^9.0", "su-sws/stanford_migrate": "^8.3", "su-sws/stanford_profile_helper": "^9.2", - "su-sws/stanford_ssp": "^8.2" + "su-sws/stanford_samlauth": "^1.0" }, "config": { "sort-packages": true diff --git a/config/sync/autologout.settings.yml b/config/sync/autologout.settings.yml new file mode 100644 index 000000000..79e14f8a2 --- /dev/null +++ b/config/sync/autologout.settings.yml @@ -0,0 +1,22 @@ +_core: + default_config_hash: kwGGKvKSU7cPTEgTMWrbW0o9Jwe6FSDmpgdUWmIXCdg +enabled: true +timeout: 43200 +max_timeout: 172800 +padding: 20 +logout_regardless_of_activity: false +no_individual_logout_threshold: false +role_logout: false +role_logout_max: false +redirect_url: /user/login +no_dialog: false +message: 'Your session is about to expire. Do you want to reset it?' +inactivity_message: 'You have been logged out due to inactivity.' +inactivity_message_type: status +modal_width: 450 +enforce_admin: false +jstimer_format: '%hours%:%mins%:%secs%' +jstimer_js_load_option: false +use_alt_logout_method: false +use_watchdog: true +whitelisted_ip_addresses: '' diff --git a/config/sync/config_pages.type.stanford_saml.yml b/config/sync/config_pages.type.stanford_saml.yml index 9e32d00d6..6c4955717 100644 --- a/config/sync/config_pages.type.stanford_saml.yml +++ b/config/sync/config_pages.type.stanford_saml.yml 
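Review bot: In the new `config/sync/autologout.settings.yml`, `timeout: 43200` allows 12 hours of inactivity and `enforce_admin: false` (as the autologout module documents that option) leaves admin pages outside the automatic logout, so the sessions that matter most get the weakest expiry. These are also the accounts that can receive `administrator` through the SAML role mapping added later in this commit. If the long window is meant for editors, consider `enforce_admin: true` together with `role_logout: true` and a shorter per-role timeout for privileged roles. The YAML export carries no comments, so the reason for 43200 belongs in the PR description.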
@@ -6,51 +6,45 @@ dependencies: - config_pages_overrides third_party_settings: config_pages_overrides: - adb68721-a642-41a8-a15e-0f54da3f2dac: - field: su_simplesaml_roles - delta: 0 - column: value - config_name: simplesamlphp_auth.settings - config_item: role.population 2b719076-004b-4596-9f49-6987ce0b5a04: field: su_simplesaml_allowed delta: -1 column: value - config_name: stanford_ssp.settings + config_name: stanford_samlauth.settings config_item: allowed.groups 3c6bbd4f-d697-408a-b12e-544c6b740b8d: field: su_simplesaml_users delta: -1 column: value - config_name: stanford_ssp.settings + config_name: stanford_samlauth.settings config_item: allowed.users b4145a0d-796c-418e-b71a-83c365aa27e2: field: su_simplesaml_users delta: 0 column: value - config_name: stanford_ssp.settings - config_item: restriction + config_name: stanford_samlauth.settings + config_item: restrict 50bcbb65-445c-410a-9c93-5d5a88870d2c: field: su_simplesaml_allowed delta: 0 column: value - config_name: stanford_ssp.settings - config_item: restriction + config_name: stanford_samlauth.settings + config_item: restrict 2e223afa-8768-41f6-acdd-cfe15114b930: field: su_simplesaml_affil delta: 0 column: value - config_name: stanford_ssp.settings - config_item: restriction + config_name: stanford_samlauth.settings + config_item: restrict 576fa6f9-1295-4d86-b639-0e6cac675d35: field: su_simplesaml_affil delta: -1 column: value - config_name: stanford_ssp.settings + config_name: stanford_samlauth.settings config_item: allowed.affiliations id: stanford_saml -label: SimpleSAML -token: null +label: SAML +token: false context: show_warning: true group: @@ -58,6 +52,6 @@ context: fallback: language: '' menu: - path: /admin/config/people/simplesaml + path: /admin/config/people/stanford-saml weight: -10 description: '' diff --git a/config/sync/core.extension.yml b/config/sync/core.extension.yml index 2befef5ba..3d11c9980 100644 --- a/config/sync/core.extension.yml +++ b/config/sync/core.extension.yml 
@@ -7,6 +7,7 @@ module: admin_toolbar_tools: 0 allowed_formats: 0 auto_entitylabel: 0 + autologout: 0 block: 0 block_content: 0 block_content_permissions: 0 @@ -143,6 +144,7 @@ module: pdb_react: 0 preprocess_event_dispatcher: 0 printable: 0 + r4032login: 0 rabbit_hole: 0 react_paragraphs: 0 react_paragraphs_behaviors: 0 @@ -156,6 +158,8 @@ module: rh_node: 0 rh_taxonomy: 0 role_delegation: 0 + samlauth: 0 + samlauth_user_fields: 0 scheduler: 0 search_api: 0 search_api_db: 0 @@ -164,7 +168,6 @@ module: shortcut: 0 shs: 0 simple_oauth: 0 - simplesamlphp_auth: 0 smart_date: 0 smart_trim: 0 sophron: 0 @@ -191,7 +194,7 @@ module: stanford_profile_drush: 0 stanford_profile_styles: 0 stanford_publication: 0 - stanford_ssp: 0 + stanford_samlauth: 0 subrequests: 0 syslog: 0 system: 0 diff --git a/config/sync/r4032login.settings.yml b/config/sync/r4032login.settings.yml new file mode 100644 index 000000000..e35ae9e13 --- /dev/null +++ b/config/sync/r4032login.settings.yml @@ -0,0 +1,18 @@ +_core: + default_config_hash: FtwnuCXmazPAh2H2i_gbDhMK1-eBmNy1dG4RBU4qt4o +langcode: en +display_denied_message: true +access_denied_message: 'Access denied. You must log in to view this page.' +access_denied_message_type: error +redirect_authenticated_users_to: '' +throw_authenticated_404: false +display_auth_denied_message: true +access_denied_auth_message: 'Access denied. Check with your site administrator if you need assistance.' +access_denied_auth_message_type: error +user_login_path: /user/login +default_redirect_code: 307 +add_noindex_header: true +destination_parameter_override: '' +match_noredirect_pages: "/jsonapi\r\n/jsonapi/*\r\n/subrequests" +match_noredirect_negate: 0 +redirect_to_destination: true diff --git a/config/sync/samlauth.authentication.yml b/config/sync/samlauth.authentication.yml new file mode 100644 index 000000000..64c169fad --- /dev/null +++ b/config/sync/samlauth.authentication.yml 
@@ -0,0 +1,83 @@ +_core: + default_config_hash: oDGEkhP0h5rXXqlDplxeBDre0goLigOJupHKMDMwcqM +login_menu_item_title: '' +logout_menu_item_title: '' +login_redirect_url: '' +logout_redirect_url: '' +error_redirect_url: '' +error_throw: false +local_login_saml_error: false +logout_different_user: false +drupal_login_roles: + administrator: '0' + authenticated: '0' + stanford_faculty: '0' + stanford_staff: '0' + stanford_student: '0' + contributor: '0' + site_manager: '0' + site_editor: '0' + site_builder: '0' + site_developer: '0' + layout_builder_user: '0' + decoupled_site_users: '0' +sp_entity_id: '' +sp_name_id_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' +sp_x509_certificate: '' +sp_new_certificate: '' +sp_private_key: '' +metadata_valid_secs: 60 +metadata_cache_http: false +idp_entity_id: 'https://idp.stanford.edu/' +idp_single_sign_on_service: 'https://login.stanford.edu/idp/profile/SAML2/Redirect/SSO' +idp_single_log_out_service: '' +idp_change_password_service: '' +idp_certs: { } +idp_cert_encryption: '' +unique_id_attribute: uid +map_users: false +map_users_name: true +map_users_mail: true +map_users_roles: + administrator: administrator + stanford_faculty: stanford_faculty + stanford_staff: stanford_staff + stanford_student: stanford_student + contributor: contributor + site_manager: site_manager + site_editor: site_editor + site_builder: site_builder + site_developer: site_developer + layout_builder_user: layout_builder_user + decoupled_site_users: decoupled_site_users +create_users: true +sync_name: false +sync_mail: false +user_name_attribute: '' +user_mail_attribute: mail +request_set_name_id_policy: true +strict: true +security_metadata_sign: false +security_authn_requests_sign: true +security_logout_requests_sign: true +security_logout_responses_sign: true +security_nameid_encrypt: false +security_signature_algorithm: '' +security_encryption_algorithm: '' +security_messages_sign: true +security_assertions_signed: false 
+security_assertions_encrypt: false +security_nameid_encrypted: false +security_want_name_id: true +security_request_authn_context: true +security_lowercase_url_encoding: true +security_logout_reuse_sigs: false +security_allow_repeat_attribute_name: false +debug_display_error_details: false +debug_log_in: false +debug_log_saml_in: false +debug_log_saml_out: false +debug_phpsaml: false +use_proxy_headers: false +use_base_url: true +bypass_relay_state_check: false diff --git a/config/sync/samlauth_user_fields.mappings.yml b/config/sync/samlauth_user_fields.mappings.yml new file mode 100644 index 000000000..0c80585a7 --- /dev/null +++ b/config/sync/samlauth_user_fields.mappings.yml @@ -0,0 +1,5 @@ +field_mappings: + - + attribute_name: displayName + field_name: su_display_name + link_user_order: null diff --git a/config/sync/simplesamlphp_auth.settings.yml b/config/sync/simplesamlphp_auth.settings.yml deleted file mode 100644 index a641fe447..000000000 --- a/config/sync/simplesamlphp_auth.settings.yml +++ /dev/null @@ -1,31 +0,0 @@ -_core: - default_config_hash: BuLah1nwoT5oUjn6XIuKnXkjcvdt5tDIGQ6gAflOY0s -langcode: en -activate: true -auth_source: default-sp -login_link_display_name: 'SUNetID Login' -login_link_show: true -user_name: uid -unique_id: uid -mail_attr: mail -header_no_cache: true -role: - population: 'administrator:eduPersonEntitlement,=,uit:sws' - eval_every_time: 2 -register_users: true -allow: - set_drupal_pwd: false - default_login: true - default_login_roles: - decoupled_site_users: decoupled_site_users - default_login_users: '1' -logout_goto_url: '' -user_register_original: visitors_admin_approval -sync: - mail: true - user_name: true -autoenablesaml: true -debug: false -secure: true -httponly: false -default_langcode: en diff --git a/config/sync/stanford_samlauth.settings.yml b/config/sync/stanford_samlauth.settings.yml new file mode 100644 index 000000000..1083393c9 --- /dev/null +++ b/config/sync/stanford_samlauth.settings.yml 
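Review bot: `config/sync/samlauth.authentication.yml` is committed with `idp_certs: { }` and `security_assertions_signed: false`, so nothing in the exported config pins the IdP signing certificate or requires the assertion itself to be signed; only `security_messages_sign: true` and `strict: true` are set. Presumably the certificate, and the empty `sp_entity_id`, `sp_x509_certificate` and `sp_private_key` that `security_authn_requests_sign: true` depends on, are supplied by an override outside this diff; if so, say where, and check that login fails closed when that override is absent. Consider `security_assertions_signed: true` if the IdP signs assertions. `map_users_name: true` and `map_users_mail: true` sit next to `map_users: false`; confirm that linking to existing accounts by name or mail really stays off, because matching on an IdP-supplied `mail` attribute lets one identity take over another account when it is enabled.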
@@ -0,0 +1,20 @@ +_core: + default_config_hash: Gg16MjldLejVucRsgAVxrnzR6CxV4zt94j_HnyyxQ3g +hide_local_login: true +local_login_fieldset_label: 'Drupal Login' +local_login_fieldset_open: false +allowed: + restrict: false + users: { } + affiliations: { } + groups: { } +role_mapping: + workgroup_api: + cert: '' + key: '' + reevaluate: new + mapping: + - + role: administrator + attribute: eduPersonEntitlement + value: 'uit:sws' diff --git a/config/sync/stanford_ssp.settings.yml b/config/sync/stanford_ssp.settings.yml deleted file mode 100644 index 0cdeef6f2..000000000 --- a/config/sync/stanford_ssp.settings.yml +++ /dev/null @@ -1,16 +0,0 @@ -_core: - default_config_hash: EENsVx8JYDmz1Vsf7oRgpbenOH3I5XbY23kjUBkW1gc -saml_attribute: eduPersonEntitlement -hide_local_login: true -use_workgroup_api: true -workgroup_api_cert: '' -workgroup_api_key: '' -restriction: all -allowed: - affiliations: { } - groups: { } - users: { } -exclude_redirect: - - /jsonapi - - '/jsonapi/*' - - /subrequests diff --git a/config/sync/views.view.content.yml b/config/sync/views.view.content.yml index ea368f15b..eec23c6d3 100644 --- a/config/sync/views.view.content.yml +++ b/config/sync/views.view.content.yml @@ -74,6 +74,7 @@ display: batch: true batch_size: 10 form_step: true + ajax_loader: false buttons: false action_title: Action clear_on_exposed: true diff --git a/config/sync/views.view.files.yml b/config/sync/views.view.files.yml index 23b13b057..c62906867 100644 --- a/config/sync/views.view.files.yml +++ b/config/sync/views.view.files.yml @@ -74,6 +74,7 @@ display: batch: true batch_size: 10 form_step: true + ajax_loader: false buttons: false action_title: Action clear_on_exposed: true diff --git a/config/sync/views.view.redirect.yml b/config/sync/views.view.redirect.yml index 291e0a149..ca0c8de2f 100644 --- a/config/sync/views.view.redirect.yml +++ b/config/sync/views.view.redirect.yml 
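Review bot: In `config/sync/stanford_samlauth.settings.yml` the `administrator` role is granted from `eduPersonEntitlement` = `uit:sws` with `reevaluate: new`, and what `new` means decides whether that role is ever withdrawn. If it only adds roles, or only evaluates at account creation, a user who loses the entitlement keeps `administrator` until someone removes it by hand. The deleted `simplesamlphp_auth.settings.yml` carried `eval_every_time: 2` for the same rule, so this may be inherited rather than new, but the migration is the moment to choose a setting that re-syncs roles at every login. `allowed.restrict: false` combined with `create_users: true` in `samlauth.authentication.yml` presumably lets any identity the IdP authenticates obtain a Drupal account; confirm that is the intended default for every site built from this profile.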
@@ -247,7 +247,7 @@ display: type: basic options: submit_button: Filter - reset_button: false + reset_button: true reset_button_label: Reset exposed_sorts_label: 'Sort by' expose_sort_order: true diff --git a/config/sync/views.view.samlauth_map.yml b/config/sync/views.view.samlauth_map.yml new file mode 100644 index 000000000..1d5fff8f5 --- /dev/null +++ b/config/sync/views.view.samlauth_map.yml 
@@ -0,0 +1,530 @@ +uuid: 46ee9057-96b1-46a0-a427-d453f14daaf9 +langcode: en +status: true +dependencies: + module: + - externalauth + - samlauth + - user +id: samlauth_map +label: 'SAML Authentication Links' +module: views +description: '' +tag: '' +base_table: authmap +base_field: '' +display: + default: + id: default + display_title: Master + display_plugin: default + position: 0 + display_options: + title: 'SAML Authentication Links' + fields: + authname: + id: authname + table: authmap + field: authname + relationship: none + group_type: group + admin_label: '' + plugin_id: standard + label: 'SAML IdP Unique ID' + exclude: false + alter: + alter_text: false + text: '' + make_link: false + path: '' + absolute: false + external: false + replace_spaces: false + path_case: none + trim_whitespace: false + alt: '' + rel: '' + link_class: '' + prefix: '' + suffix: '' + target: '' + nl2br: false + max_length: 0 + word_boundary: true + ellipsis: true + more_link: false + more_link_text: '' + more_link_path: '' + strip_tags: false + trim: false + preserve_tags: '' + html: false + element_type: '' + element_class: '' + element_label_type: '' + element_label_class: '' + element_label_colon: true + element_wrapper_type: '' + element_wrapper_class: '' + element_default_classes: true + empty: '' + hide_empty: false + empty_zero: false + hide_alter_empty: true + uid: + id: uid + table: authmap + field: uid + relationship: none + group_type: group + admin_label: '' + plugin_id: numeric + label: 'Drupal User ID' + exclude: false + alter: + alter_text: false + text: '' + make_link: false + path: '' + absolute: false + external: false + replace_spaces: false + path_case: none + trim_whitespace: false + alt: '' + rel: '' + link_class: '' + prefix: '' + suffix: '' + target: '' + nl2br: false + max_length: 0 + word_boundary: true + ellipsis: true + more_link: false + more_link_text: '' + more_link_path: '' + strip_tags: false + trim: false + preserve_tags: '' + html: false + 
element_type: '' + element_class: '' + element_label_type: '' + element_label_class: '' + element_label_colon: true + element_wrapper_type: '' + element_wrapper_class: '' + element_default_classes: true + empty: '' + hide_empty: false + empty_zero: false + hide_alter_empty: true + set_precision: false + precision: 0 + decimal: . + separator: '' + format_plural: false + format_plural_string: !!binary MQNAY291bnQ= + prefix: '' + suffix: '' + name: + id: name + table: users_field_data + field: name + relationship: uid + group_type: group + admin_label: '' + entity_type: user + entity_field: name + plugin_id: field + label: 'Drupal User Name' + exclude: false + alter: + alter_text: false + text: '' + make_link: false + path: '' + absolute: false + external: false + replace_spaces: false + path_case: none + trim_whitespace: false + alt: '' + rel: '' + link_class: '' + prefix: '' + suffix: '' + target: '' + nl2br: false + max_length: 0 + word_boundary: true + ellipsis: true + more_link: false + more_link_text: '' + more_link_path: '' + strip_tags: false + trim: false + preserve_tags: '' + html: false + element_type: '' + element_class: '' + element_label_type: '' + element_label_class: '' + element_label_colon: true + element_wrapper_type: '' + element_wrapper_class: '' + element_default_classes: true + empty: '' + hide_empty: false + empty_zero: false + hide_alter_empty: true + click_sort_column: value + type: user_name + settings: + link_to_entity: true + group_column: value + group_columns: { } + group_rows: true + delta_limit: 0 + delta_offset: 0 + delta_reversed: false + delta_first_last: false + multi_type: separator + separator: ', ' + field_api_classes: false + delete: + id: delete + table: authmap + field: delete + relationship: none + group_type: group + admin_label: '' + plugin_id: samlauth_link_delete + label: delete + exclude: false + alter: + alter_text: false + text: '' + make_link: false + path: '' + absolute: false + external: false + replace_spaces: 
false + path_case: none + trim_whitespace: false + alt: '' + rel: '' + link_class: '' + prefix: '' + suffix: '' + target: '' + nl2br: false + max_length: 0 + word_boundary: true + ellipsis: true + more_link: false + more_link_text: '' + more_link_path: '' + strip_tags: false + trim: false + preserve_tags: '' + html: false + element_type: '' + element_class: '' + element_label_type: '' + element_label_class: '' + element_label_colon: true + element_wrapper_type: '' + element_wrapper_class: '' + element_default_classes: true + empty: '' + hide_empty: false + empty_zero: false + hide_alter_empty: true + text: delete + output_url_as_text: false + absolute: false + pager: + type: mini + options: + offset: 0 + items_per_page: 50 + total_pages: null + id: 0 + tags: + next: ›› + previous: ‹‹ + expose: + items_per_page: false + items_per_page_label: 'Items per page' + items_per_page_options: '5, 10, 25, 50' + items_per_page_options_all: false + items_per_page_options_all_label: '- All -' + offset: false + offset_label: Offset + exposed_form: + type: basic + options: + submit_button: Apply + reset_button: false + reset_button_label: Reset + exposed_sorts_label: 'Sort by' + expose_sort_order: true + sort_asc_label: Asc + sort_desc_label: Desc + access: + type: perm + options: + perm: 'configure saml' + cache: + type: none + options: { } + empty: + area_text_custom: + id: area_text_custom + table: views + field: area_text_custom + relationship: none + group_type: group + admin_label: '' + plugin_id: text_custom + empty: true + content: 'No links (from SAML Authentication ID to Drupal user) found.' 
+ tokenize: false + sorts: { } + arguments: { } + filters: + authname: + id: authname + table: authmap + field: authname + relationship: none + group_type: group + admin_label: '' + plugin_id: string + operator: starts + value: '' + group: 1 + exposed: true + expose: + operator_id: authname_op + label: 'SAML IdP Unique ID' + description: '' + use_operator: false + operator: authname_op + operator_limit_selection: false + operator_list: { } + identifier: authname + required: false + remember: false + multiple: false + remember_roles: + authenticated: authenticated + anonymous: '0' + administrator: '0' + role3: '0' + role4: '0' + placeholder: '' + is_grouped: false + group_info: + label: '' + description: '' + identifier: '' + optional: true + widget: select + multiple: false + remember: false + default_group: All + default_group_multiple: { } + group_items: { } + uid: + id: uid + table: users_field_data + field: uid + relationship: uid + group_type: group + admin_label: '' + entity_type: user + entity_field: uid + plugin_id: user_name + operator: in + value: { } + group: 1 + exposed: true + expose: + operator_id: uid_op + label: 'Drupal user' + description: '' + use_operator: false + operator: uid_op + operator_limit_selection: false + operator_list: { } + identifier: uid + required: false + remember: false + multiple: false + remember_roles: + authenticated: authenticated + anonymous: '0' + administrator: '0' + role3: '0' + role4: '0' + reduce: false + is_grouped: false + group_info: + label: '' + description: '' + identifier: '' + optional: true + widget: select + multiple: false + remember: false + default_group: All + default_group_multiple: { } + group_items: { } + provider_field: + id: provider_field + table: authmap + field: provider_field + relationship: none + group_type: group + admin_label: '' + plugin_id: string + operator: '=' + value: samlauth + group: 1 + exposed: false + expose: + operator_id: '' + label: '' + description: '' + use_operator: false + 
operator: '' + operator_limit_selection: false + operator_list: { } + identifier: '' + required: false + remember: false + multiple: false + remember_roles: + authenticated: authenticated + placeholder: '' + is_grouped: false + group_info: + label: '' + description: '' + identifier: '' + optional: true + widget: select + multiple: false + remember: false + default_group: All + default_group_multiple: { } + group_items: { } + style: + type: table + options: + grouping: { } + row_class: '' + default_row_class: true + columns: + authname: authname + uid: uid + name: name + delete: delete + default: authname + info: + authname: + sortable: true + default_sort_order: asc + align: '' + separator: '' + empty_column: false + responsive: '' + uid: + sortable: true + default_sort_order: asc + align: '' + separator: '' + empty_column: false + responsive: '' + name: + sortable: true + default_sort_order: asc + align: '' + separator: '' + empty_column: false + responsive: '' + delete: + sortable: false + default_sort_order: asc + align: '' + separator: '' + empty_column: false + responsive: '' + override: true + sticky: false + summary: '' + empty_table: false + caption: '' + description: '' + row: + type: fields + query: + type: views_query + options: + query_comment: '' + disable_sql_rewrite: false + distinct: false + replica: false + query_tags: { } + relationships: + uid: + id: uid + table: authmap + field: uid + relationship: none + group_type: group + admin_label: 'Linked Drupal user' + plugin_id: standard + required: false + show_admin_links: false + header: { } + footer: { } + display_extenders: { } + cache_metadata: + max-age: -1 + contexts: + - 'languages:language_content' + - 'languages:language_interface' + - url + - url.query_args + - user.permissions + tags: { } + page: + id: page + display_title: Page + display_plugin: page + position: 1 + display_options: + display_extenders: { } + path: admin/config/people/saml/authmap + menu: + type: tab + title: Links + 
description: '' + weight: 7 + expanded: false + menu_name: admin + parent: samlauth.samlauth_configure_form + context: '0' + cache_metadata: + max-age: -1 + contexts: + - 'languages:language_content' + - 'languages:language_interface' + - url + - url.query_args + - user.permissions + tags: { } diff --git a/content/node/72f0069b-f1ec-4122-af73-6aa841faea90.yml b/content/node/72f0069b-f1ec-4122-af73-6aa841faea90.yml index 163b91941..81e51df21 100644 --- a/content/node/72f0069b-f1ec-4122-af73-6aa841faea90.yml +++ b/content/node/72f0069b-f1ec-4122-af73-6aa841faea90.yml @@ -79,7 +79,7 @@ default: value: { } su_banner_body: - - value: "

To edit this page, log in with your SUNetID. After you log in, return to the homepage, and use it as a template to begin building your site.

\r\n" + value: "

To edit this page, log in with your SUNetID. After you log in, return to the homepage, and use it as a template to begin building your site.

\r\n" format: stanford_minimal_html su_banner_header: - diff --git a/src/Config/ConfigOverrides.php b/src/Config/ConfigOverrides.php index 7c097bee1..19d3d1327 100644 --- a/src/Config/ConfigOverrides.php +++ b/src/Config/ConfigOverrides.php @@ -38,11 +38,9 @@ class ConfigOverrides implements ConfigFactoryOverrideInterface { * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory * Config factory service. */ - public function __construct(StateInterface $state, ConfigFactoryInterface $config_factory = NULL) { + public function __construct(StateInterface $state, ConfigFactoryInterface $config_factory) { $this->state = $state; - if ($config_factory) { - $this->configFactory = $config_factory; - } + $this->configFactory = $config_factory; } /** 
@@ -78,11 +76,60 @@ public function loadOverrides($names) { } } } - $this->setOverridesGoogleTag($names, $overrides); + $this->setOverridesGoogleTag($names, $overrides); + if (in_array('stanford_samlauth.settings', $names)) { + $this->setSamlOverrides($overrides); + } return $overrides; } + /** + * Set the saml config overrides. + * + * @param array $overrides + * Keyed array of config overrides. + */ + protected function setSamlOverrides(array &$overrides) { + $original_mapping = $this->configFactory->getEditable('stanford_samlauth.settings') + ->getOriginal('role_mapping.mapping'); + + $config_page_mapping = self::getConfigPageValue('stanford_saml', 'su_simplesaml_roles', 0, 'value', ''); + foreach (array_filter(explode('|', $config_page_mapping)) as $mapping) { + [$role, $conditions] = explode(':', $mapping, 2); + [$attribute, , $value] = explode(',', $conditions, 3); + $original_mapping[] = [ + 'role' => $role, + 'attribute' => $attribute, + 'value' => $value, + ]; + } + $overrides['stanford_samlauth.settings']['role_mapping']['mapping'] = $original_mapping; + } + + /** + * Get the field value from a config page. + * + * @param string $config_id + * Config page name. + * @param string $field_name + * Field on the config page. + * @param array|int $deltas + * Delta to fetch the field value. + * @param string|null $key + * Column key on the field. + * @param mixed|null $default + * Optional default value if the config page value is empty. + * + * @return array|mixed|null + * Config page field value. + */ + protected static function getConfigPageValue($config_id, $field_name, $deltas = [], $key = NULL, $default = NULL) { + /** @var \Drupal\config_pages\ConfigPagesLoaderServiceInterface $cp_loader */ + $cp_loader = \Drupal::service('config_pages.loader'); + return $cp_loader->getValue($config_id, $field_name, $deltas, $key) ?: $default; + } + /** * Disable google tag manager entities when not on prod environment. * 
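Review bot: `setSamlOverrides()` turns the free-text `su_simplesaml_roles` field into role grants without checking its shape. An entry lacking `:` or with fewer than two commas leaves `$conditions`, `$attribute` or `$value` as NULL (with an undefined-key warning), and the half-empty rule is still appended to `role_mapping.mapping`. The operator between the commas is discarded as well, so a rule written with anything other than `=` is presumably applied as a plain attribute/value match. Because this list decides who receives roles such as `administrator`, malformed entries should be dropped before they reach the override, as in the fence below, and `in_array('stanford_samlauth.settings', $names, TRUE)` would make the name check strict. `loadOverrides()` starts above the hunk.

```php
    foreach (array_filter(explode('|', $config_page_mapping)) as $mapping) {
      $rule = explode(':', $mapping, 2);
      $conditions = isset($rule[1]) ? explode(',', $rule[1], 3) : [];
      // Skip anything that is not "role:attribute,operator,value".
      if (count($conditions) !== 3 || $rule[0] === '' || $conditions[0] === '' || $conditions[2] === '') {
        continue;
      }
      $original_mapping[] = [
        'role' => $rule[0],
        'attribute' => $conditions[0],
        'value' => $conditions[2],
      ];
    }
    // … unchanged: assignment to $overrides['stanford_samlauth.settings'] …
```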
diff --git a/stanford_profile.info.yml b/stanford_profile.info.yml index 179854349..463b60e59 100644 --- a/stanford_profile.info.yml +++ b/stanford_profile.info.yml @@ -101,7 +101,6 @@ install: - 'redirect:redirect' - 'role_delegation:role_delegation' - 'seckit:seckit' - - 'simplesamlphp_auth:simplesamlphp_auth' - 'stanford_date_formats:stanford_date_formats' - 'stanford_fields:stanford_fields' - 'stanford_image_styles:stanford_image_styles' @@ -110,7 +109,6 @@ install: - 'stanford_profile_helper:stanford_paragraph_card' - 'stanford_profile_helper:stanford_profile_helper' - 'stanford_profile_helper:stanford_profile_styles' - - 'stanford_ssp:stanford_ssp' - 'stanford_text_editor:stanford_text_editor' - 'token:token' - 'ui_patterns:ui_patterns' diff --git a/tests/codeception/acceptance/SubThemeCest.php b/tests/codeception/acceptance/SubThemeCest.php index 96ab157b0..3a187e4e4 100644 --- a/tests/codeception/acceptance/SubThemeCest.php +++ b/tests/codeception/acceptance/SubThemeCest.php @@ -113,18 +113,10 @@ public function testMinimalSubtheme(AcceptanceTester $I) { * If config ignore module should be disabled first. */ protected function runConfigImport(AcceptanceTester $I, $disable_config_ignore = FALSE) { - $drush_response = $I->runDrush('pm-list --filter=name=stanford_ssp --format=json'); - $drush_response = json_decode($drush_response, TRUE); - $saml_enabled = $drush_response['stanford_ssp']['status'] == 'Enabled'; - if ($disable_config_ignore) { $I->runDrush('pmu config_ignore'); } - $I->runDrush('config-import -y'); - if (!$saml_enabled) { - $I->runDrush('pm-uninstall simplesamlphp_auth -y'); - } } /** diff --git a/tests/codeception/acceptance/Users/IntranetCest.php b/tests/codeception/acceptance/Users/IntranetCest.php index d111c07e8..09c76957a 100644 --- a/tests/codeception/acceptance/Users/IntranetCest.php +++ b/tests/codeception/acceptance/Users/IntranetCest.php @@ -5,6 +5,7 @@ * * @group users * @group no-parallel + * @group intranet */ class IntranetCest { 
@@ -57,6 +58,7 @@ public function testIntranet(AcceptanceTester $I) { $I->canSeeResponseCodeIsBetween(301, 403); $I->canSeeNumberOfElements('.su-multi-menu__menu a', 0); + $I->startFollowingRedirects(); $I->logInWithRole('authenticated'); $I->amOnPage('/'); $I->canSeeResponseCodeIsSuccessful(); @@ -94,11 +96,11 @@ public function testAccess(AcceptanceTester $I) { $page_url = $I->grabFromCurrentUrl(); $I->amOnPage('/user/logout'); - // Anonymous users will get denied access. + // Anonymous users will get redirected to the login page. $I->amOnPage($page_url); - $I->canSeeResponseCodeIs(403); + $I->canSeeInCurrentUrl('/user/login?destination=' . $page_url); - // Staff will be denied access. + // Logged in staff will be denied access. $I->logInWithRole('stanford_staff'); $I->amOnPage($page_url); $I->canSeeResponseCodeIs(403); @@ -149,9 +151,11 @@ public function testSearchResults(AcceptanceTester $I) { public function testMediaAccess(AcceptanceTester $I) { $I->runDrush('sset stanford_intranet 1'); $I->runDrush('sset stanford_intranet.allow_file_uploads 1'); + $I->logInWithRole('site_manager'); $I->amOnPage('/media/add/file'); $I->canSeeResponseCodeIs(200); + $I->amOnPage('/user/logout'); $I->runDrush('sset stanford_intranet.allow_file_uploads 0'); $I->logInWithRole('site_manager'); diff --git a/tests/src/Kernel/Plugin/InstallTask/SiteSettingsTest.php b/tests/src/Kernel/Plugin/InstallTask/SiteSettingsTest.php index 678deb16a..18f00db36 100644 --- a/tests/src/Kernel/Plugin/InstallTask/SiteSettingsTest.php +++ b/tests/src/Kernel/Plugin/InstallTask/SiteSettingsTest.php @@ -32,8 +32,6 @@ class SiteSettingsTest extends KernelTestBase { 'config_pages', 'config_pages_overrides', 'externalauth', - 'simplesamlphp_auth', - 'stanford_ssp', 'path_alias', 'user', 'field', diff --git a/tests/src/Unit/Config/ConfigOverridesTest.php b/tests/src/Unit/Config/ConfigOverridesTest.php index ca829533c..a473e1e1b 100644 --- a/tests/src/Unit/Config/ConfigOverridesTest.php 
+++ b/tests/src/Unit/Config/ConfigOverridesTest.php @@ -2,9 +2,11 @@ namespace Drupal\Tests\stanford_profile\Unit\Config; +use Drupal\config_pages\ConfigPagesLoaderServiceInterface; use Drupal\Core\Cache\CacheableMetadata; use Drupal\Core\Config\Config; use Drupal\Core\Config\ConfigFactoryInterface; +use Drupal\Core\DependencyInjection\ContainerBuilder; use Drupal\Core\State\StateInterface; use Drupal\stanford_profile\Config\ConfigOverrides; use Drupal\Tests\UnitTestCase; @@ -28,16 +30,22 @@ class ConfigOverridesTest extends UnitTestCase { protected function setUp(): void { parent::setUp(); $state = $this->createMock(StateInterface::class); - $state->method('get')->will($this->returnCallback([ - $this, - 'getStateCallback', - ])); + $state->method('get') + ->will($this->returnCallback([$this, 'getStateCallback'])); $config_factory = $this->createMock(ConfigFactoryInterface::class); $config_factory->method('getEditable') ->will($this->returnCallback([$this, 'getConfigCallback'])); $this->overrideService = new ConfigOverrides($state, $config_factory); + + $config_page_loader = $this->createMock(ConfigPagesLoaderServiceInterface::class); + $config_page_loader->method('getValue') + ->will($this->returnCallback([$this, 'getConfigPageValue'])); + + $container = new ContainerBuilder(); + $container->set('config_pages.loader', $config_page_loader); + \Drupal::setContainer($container); } public function testConfigOverrides() { @@ -89,6 +97,20 @@ public function testGoogleTagOverrides() { $this->assertEquals($expected, $overrides); } + public function testSamlOverrides() { + $overrides = $this->overrideService->loadOverrides(['stanford_samlauth.settings']); + $expected = [ + 'stanford_samlauth.settings' => [ + 'role_mapping' => [ + 'mapping' => [ + ['role' => 'foo', 'attribute' => 'bar', 'value' => 'baz:bin'], + ], + ], + ], + ]; + $this->assertEquals($expected, $overrides); + } + /** * State callback. */ 
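Review bot: `testSamlOverrides()` feeds `loadOverrides()` only the single well-formed value `foo:bar,=,baz:bin`, so the parsing that decides role grants is untested for the inputs most likely to go wrong. Add cases for several rules joined with `|`, for an entry missing the `:` or a comma, and for an empty field, each asserting that no partial rule ends up in `role_mapping.mapping`. The `getConfigPageValue()` callback added in the last hunk of this file would have to return per-test values for that. It is also missing a docblock in the style of the neighbouring `/** State callback. */`, for example `/** Config page loader callback. */`.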
@@ -134,4 +156,11 @@ public function testConfigOverridesDuringInstall(){ $this->assertEquals($expected, $overrides); } + public function getConfigPageValue($page, $field, $deltas = [], $key = NULL) { + switch ($field) { + case 'su_simplesaml_roles': + return 'foo:bar,=,baz:bin'; + } + } + }