diff --git a/ssoauth/app_settings/defaults.py b/ssoauth/app_settings/defaults.py
index 1b511fab1cc069ebf5af68d09e8d85f240152f3a..23fb520780e4eaa51526d593b74ad9821292ce03 100644
--- a/ssoauth/app_settings/defaults.py
+++ b/ssoauth/app_settings/defaults.py
@@ -32,6 +32,8 @@ SSO_REQUIRED_OUTSIDE_MANAGE_PY = True # enabled to ensure that production (that
 SP_SLS_ENABLED = False # single log out creates too many problems, so it is disabled for now
 SP_SLS_X_FRAME_OPTIONS = None # in case you encounter problems with SLS view not allowed inside of an iframe, e.g. "ALLOW-FROM idp-test.it.hs-hannover.de idp.hs-hannover.de"
+GROUPS_SAML_ATTRIBUTE = "IDMGroups" # this SAML attribute is expected to contain list of groups for a user
+
 """
 Settings you might want to change on development (don't change them for production):
 """
diff --git a/ssoauth/views.py b/ssoauth/views.py
index bcd1c0f74f003175aa6dcedea1c0f8b05a5618c6..3aed913af6ec8cb333293596e1e19ebb8d95764b 100644
--- a/ssoauth/views.py
+++ b/ssoauth/views.py
@@ -28,7 +28,7 @@ ATTRIBUTE_MAPPING = dict(
 forename="urn:oid:2.5.4.42",
 surname="urn:oid:2.5.4.4",
 uuid="UUID",
- idm_groups="IDMGroups",
+ groups=app_settings.GROUPS_SAML_ATTRIBUTE,
 )
@@ -195,7 +195,7 @@ class ACSAuthNView(SAMLMixin, View):
 )
 auth_utils.set_user_groups(
 user=user,
- group_dn_list=get_attr("idm_groups", nullable=True, multivalued=True) or list()
+ saml2_groups=get_attr("groups", nullable=True, multivalued=True) or list()
 )
 auth_utils.cleanup_direct_permissions(user=user)
 auth_utils.set_user_compat_flags(user=user)
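Review bot: The comment on `GROUPS_SAML_ATTRIBUTE` in defaults.py does not say that this attribute feeds `set_user_groups` at login, so whoever overrides it is choosing the source of a user's group membership. I would spell that out, e.g. `# SAML attribute holding the user's group list; it drives group assignment at login, so it must be an attribute the IdP itself asserts`. The value is also read once, when the module-level `ATTRIBUTE_MAPPING` in views.py is built, and neither hunk validates it; an empty or misspelled override would presumably only show up at login time.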
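Review bot: In the `ACSAuthNView` hunk, `get_attr("groups", nullable=True, multivalued=True) or list()` turns a missing attribute into an empty list, so now that the attribute name is configurable, a wrong `GROUPS_SAML_ATTRIBUTE` silently hands `set_user_groups` no groups on every login. If `set_user_groups` replaces membership (not visible here) that fails closed, but it is hard to diagnose; I would log a warning when the attribute is absent, naming `app_settings.GROUPS_SAML_ATTRIBUTE` in the message. The keyword also changes from `group_dn_list` to `saml2_groups`, and the matching signature change in `auth_utils.set_user_groups` is not part of the diff as shown, so confirm it ships with this commit or the call raises `TypeError`. The enclosing method starts and ends outside the hunk.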