- Issue created by @rex.barkdoll
Hi,
Thank you for the amazing work on this module. We use it daily and it has truly been a lifesaver.
I have been trying to implement the ECA module recently and noticed that when I tried to implement one of the simple models of redirecting a user after they log in based on their role, the action wasn't doing what I wanted it to when there was a role change from the IdP to the SP.
I created a ticket with ECA describing the issue, and they recommended that the best place to make a change would be with the SimpleSAML module: https://www.drupal.org/project/eca/issues/3424181 (ECA role evaluation with SAML login)
What I think is happening, and the ECA developer confirmed, is that SimpleSAML's role change event is happening later in the event order and ECA is implementing the redirect before SimpleSAML assigns the new roles. Based on my understanding of ECA and their deep understanding of the Drupal Events stack, I think they're doing everything correctly and just need some help from SimpleSAML_auth to look for the right things.
@jurgenhaas recommended 2 solutions:
To resolve that, I see 2 approaches:
- SimpleSAML module implements a new event that they dispatch after they've finished the role sync. Then an ECA integration could be implemented that gets to know about that event and you could use that as your starting event.
- SimpleSAML could raise their priority, so that their hook for the user login gets dispatched first.
Both are on the SimpleSAML module and I could imagine that both are valid and would not only benefit ECA but also other use cases. From what you described, it feels as if the role sync needs to be the first thing to happen in any event. I would have thought it should even be part of the session initialization and not an after login hook.
Thank you for any help on this.
Active
4.0
Code