Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow user group mapping #51

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

Jianbinzhu
Copy link

This will allow group mapping enable if needed via

SilverStripe\SAML\Services\SAMLConfiguration:
  map_user_group: true

and then specify the group claims field

SilverStripe\SAML\Helpers\SAMLUserGroupMapper:
  group_claims_field: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/groups'

@Jianbinzhu Jianbinzhu force-pushed the feature/user-group-mapping branch from 0ff8f4d to 7936e96 Compare October 9, 2023 23:06
/**
* @var string
*/
private static $group_claims_field;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
private static $group_claims_field;
private static string $group_claims_field;

/**
* @var array
*/
private static $dependencies = [
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
private static $dependencies = [
private static array $dependencies = [

* @param Member $member
* @return Member
*/
public function map($attributes, $member): Member
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
public function map($attributes, $member): Member
public function map(array $attributes, Member $member): Member

*/
public function map($attributes, $member): Member
{
$groups = $this->config()->get('group_claims_field');
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

config() is a static method

Suggested change
$groups = $this->config()->get('group_claims_field');
$groups = self::config()->get('group_claims_field');

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

// Get groups from saml response
$groupTitles = $attributes[$groups];

foreach ($groupTitles as $groupTitle) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move the query outside the loop, so we are executing one query that fetches everything into Arraylist. then you can look at the titles and check if we have the group or if we need a new one.

$group->write();
}

$member->Groups()->add($group);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we also want to remove users from groups they are no longer part of - this probably requires marking groups as 'synced' in some way so we know which ones to remove them from. Its quite likely that a site would have some groups synced with saml but others that are not (we've got at least one project with this requirement) - we wouldn't want to remove users from these 'manual' groups.

*/
public function map($attributes, $member): Member
{
$groups = $this->config()->get('group_claims_field');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@madmatt
Copy link
Member

madmatt commented Nov 18, 2024

Hey @Jianbinzhu, are you still keen to merge this in? There are a few merge conflicts now, but I'd be happy to merge once those are resolved.

@NightJar
Copy link
Contributor

I've taken a look at this recently @madmatt - there is another branch that is more up to date, and I'm looking to combine it into some work that's set to come after #68 gets merged ;)
As it stands it's both incomplete & incompatible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants