From f5024c3c77d49f6290c8942cd3b7006c2732fbc6 Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Tue, 16 Jan 2018 16:52:38 +0100
Subject: [PATCH] Remove the hardcoded "IDMGroups" expected from IdP

---
 ssoauth/app_settings/defaults.py | 2 ++
 ssoauth/views.py                 | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ssoauth/app_settings/defaults.py b/ssoauth/app_settings/defaults.py
index 1b511fa..23fb520 100644
--- a/ssoauth/app_settings/defaults.py
+++ b/ssoauth/app_settings/defaults.py
@@ -32,6 +32,8 @@ SSO_REQUIRED_OUTSIDE_MANAGE_PY = True  # enabled to ensure that production (that
 SP_SLS_ENABLED = False  # single log out creates too many problems, so it is disabled for now
 SP_SLS_X_FRAME_OPTIONS = None  # in case you encounter problems with SLS view not allowed inside of an iframe, e.g. "ALLOW-FROM idp-test.it.hs-hannover.de idp.hs-hannover.de"
 
+GROUPS_SAML_ATTRIBUTE = "IDMGroups"  # this SAML attribute is expected to contain list of groups for a user
+
 """
 Settings you might want to change on development (don't change them for production):
 """
diff --git a/ssoauth/views.py b/ssoauth/views.py
index bcd1c0f..3aed913 100644
--- a/ssoauth/views.py
+++ b/ssoauth/views.py
@@ -28,7 +28,7 @@ ATTRIBUTE_MAPPING = dict(
     forename="urn:oid:2.5.4.42",
     surname="urn:oid:2.5.4.4",
     uuid="UUID",
-    idm_groups="IDMGroups",
+    groups=app_settings.GROUPS_SAML_ATTRIBUTE,
 )
 
 
@@ -195,7 +195,7 @@ class ACSAuthNView(SAMLMixin, View):
         )
         auth_utils.set_user_groups(
             user=user,
-            group_dn_list=get_attr("idm_groups", nullable=True, multivalued=True) or list()
+            saml2_groups=get_attr("groups", nullable=True, multivalued=True) or list()
         )
         auth_utils.cleanup_direct_permissions(user=user)
         auth_utils.set_user_compat_flags(user=user)
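Review bot: A missing or misnamed group attribute is silently turned into an empty list by `get_attr("groups", nullable=True, multivalued=True) or list()`, and now that the name comes from `app_settings.GROUPS_SAML_ATTRIBUTE`, a typo in that setting looks exactly like a user who has no groups. What `set_user_groups` does with an empty list is not visible here, so this either strips group memberships at login or leaves stale ones in place; either way the login path should record it. One way is to read the value into a local first, `groups = get_attr("groups", nullable=True, multivalued=True)`, and follow it with `if groups is None: logger.warning("SAML attribute %r not in assertion", app_settings.GROUPS_SAML_ATTRIBUTE)`, assuming `get_attr` returns `None` for an absent attribute and a module logger exists in `views.py`. Separately, the keyword changes from `group_dn_list` to `saml2_groups` while the diffstat lists only `defaults.py` and `views.py`, so confirm that `auth_utils.set_user_groups` already accepts `saml2_groups`; otherwise this call raises `TypeError` on every login. The enclosing method of `ACSAuthNView` starts and ends outside the hunk.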
-- 
GitLab