- Issue created by @vittalaithal
- Last update about 1 year ago, 3 pass
- @vittalaithal opened merge request.
- 🇳🇱 Netherlands e.ruiter
I had the same problem and the merge request !11 fixed it, thanks!
The Samlauth module allows SAML users to be mapped to local users by one or more of:
When logging in, Drupal\samlauth\SamlService->doLogin is called. This will do the following if no account is passed in:
The problem is that if you are linking by email and not by name, a legitimate SAML user who has both a matching name and email to a local user will not be able to log in. They'll be found by the login lookup, and because login linking is off, they'll be denied access. However, they really should be allowed access because their email does match.
Create a local user:
- login: test
- email: test@example.com

Configure samlauth module with:
- Enable matching on name - off
- Enable matching on email - on

Attempt to log in as test user via SAML - the link exception will be thrown.
If a user account is found by name, and linking by name is off, do not immediately throw an exception. Rather, check if linking by email is enabled, the SAML user has an email and the email matches the local user email. Only if all of those tests fail, throw the exception.
Active
3.0
Code
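The decision proposed in the issue summary, sketched as an added example in plain PHP; it is not code from the samlauth module or from merge request !11. The function name `resolve_link`, the in-memory user table and the exact-match email comparison are assumptions made for illustration.

```php
<?php
// Constructed local accounts standing in for Drupal users (not real data).
const LOCAL_USERS = [
    ['uid' => 2, 'name' => 'test',  'mail' => 'test@example.com'],
    ['uid' => 3, 'name' => 'alice', 'mail' => 'alice@example.com'],
];

/**
 * Hypothetical model of the proposed check. Returns the uid to link to, or
 * null when no local account carries the SAML login name. Throws when a name
 * match exists but no enabled linking rule covers that same account.
 */
function resolve_link(array $saml, bool $linkByName, bool $linkByMail): ?int
{
    $byName = null;
    foreach (LOCAL_USERS as $user) {
        if ($user['name'] === $saml['name']) {
            $byName = $user;
            break;
        }
    }
    if ($byName === null) {
        return null; // No name collision; other lookups are out of scope here.
    }
    if ($linkByName) {
        return $byName['uid'];
    }
    // Name linking is off: fall back to email, but only against the SAME
    // account the name lookup found. Exact comparison is an assumption.
    $samlMail = $saml['mail'] ?? '';
    if ($linkByMail && $samlMail !== '' && $samlMail === $byName['mail']) {
        return $byName['uid'];
    }
    throw new RuntimeException('Linking to the existing local account is not allowed.');
}

// Constructed assertions: the reported case, a name match whose email belongs
// to a different account, and an assertion that carries no email attribute.
$cases = [
    'name and email match'    => ['name' => 'test', 'mail' => 'test@example.com'],
    'email of another user'   => ['name' => 'test', 'mail' => 'alice@example.com'],
    'no email in assertion'   => ['name' => 'test'],
];
foreach ($cases as $label => $saml) {
    try {
        echo $label, ': linked to uid ', resolve_link($saml, false, true), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $label, ': denied (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

Only the first case links; the other two still raise the exception, so enabling email matching does not let a name collision attach a SAML identity to an account whose email differs.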