From f5024c3c77d49f6290c8942cd3b7006c2732fbc6 Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Tue, 16 Jan 2018 16:52:38 +0100
Subject: [PATCH] Remove the hardcoded "IDMGroups" expected from IdP
---
 ssoauth/app_settings/defaults.py | 2 ++
 ssoauth/views.py | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/ssoauth/app_settings/defaults.py b/ssoauth/app_settings/defaults.py
index 1b511fa..23fb520 100644
--- a/ssoauth/app_settings/defaults.py
+++ b/ssoauth/app_settings/defaults.py
@@ -32,6 +32,8 @@ SSO_REQUIRED_OUTSIDE_MANAGE_PY = True # enabled to ensure that production (that
 SP_SLS_ENABLED = False # single log out creates too many problems, so it is disabled for now
 SP_SLS_X_FRAME_OPTIONS = None # in case you encounter problems with SLS view not allowed inside of an iframe, e.g. "ALLOW-FROM idp-test.it.hs-hannover.de idp.hs-hannover.de"
+GROUPS_SAML_ATTRIBUTE = "IDMGroups" # this SAML attribute is expected to contain list of groups for a user
+
 """
 Settings you might want to change on development (don't change them for production):
 """
diff --git a/ssoauth/views.py b/ssoauth/views.py
index bcd1c0f..3aed913 100644
--- a/ssoauth/views.py
+++ b/ssoauth/views.py
@@ -28,7 +28,7 @@ ATTRIBUTE_MAPPING = dict(
 forename="urn:oid:2.5.4.42",
 surname="urn:oid:2.5.4.4",
 uuid="UUID",
- idm_groups="IDMGroups",
+ groups=app_settings.GROUPS_SAML_ATTRIBUTE,
 )
@@ -195,7 +195,7 @@ class ACSAuthNView(SAMLMixin, View):
 )
 auth_utils.set_user_groups(
 user=user,
- group_dn_list=get_attr("idm_groups", nullable=True, multivalued=True) or list()
+ saml2_groups=get_attr("groups", nullable=True, multivalued=True) or list()
 )
 auth_utils.cleanup_direct_permissions(user=user)
 auth_utils.set_user_compat_flags(user=user)
-- 
GitLab
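Review bot: A wrong value in `GROUPS_SAML_ATTRIBUTE` cannot be told apart from a user who has no groups, because the name in `ATTRIBUTE_MAPPING` now comes from settings while the call in the `ACSAuthNView` hunk still reads it with `nullable=True` and falls back to `list()`. A typo or case difference in the setting would presumably hand an empty list to `set_user_groups` on every login without any error; what that function does with an empty list is not visible here. Consider logging when the configured attribute is absent from the assertion, and extending the settings comment to something like `# must match the IdP attribute name exactly; if absent, the user is treated as having no groups`. `ATTRIBUTE_MAPPING` is also built when `views.py` is imported, so the setting is read once at load time.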
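Review bot: The keyword passed to `auth_utils.set_user_groups` changes from `group_dn_list` to `saml2_groups`, but the diffstat lists only `defaults.py` and `views.py`, so the function's signature is not touched by this patch. Unless the parameter was already renamed in an earlier commit, this call would raise `TypeError` during every ACS login; confirm that `set_user_groups` accepts `saml2_groups` before merging. The old name suggests the values were group DNs, so a short comment at the call stating what format the IdP values are expected to have would help whoever maps them to local groups. The enclosing view method starts and ends outside the hunk.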