Expand functionality username to allow unique id and lookup other than email

Created on 17 September 2024, 4 months ago

Problem/Motivation

When using multiple IdPs, it is possible to have a unique ID shared between all IdPs, but with different email domains. The case that first brought this issue up was using Azure SSO, which had 1 unique ID shared across multiple email domains. Example:

Azure test login
uid = usr1
email = usr1@test-domain.com

Azure prod login
uid = usr1
email = usr1@prod-domain.com

We want both of these logins to link to 1 account, as the unique ID is the same. So I have some proposed changes/expansion of functionality.

Steps to reproduce

You would need 2 IdPs that have the same uid but different email domains.

Proposed resolution

PR - ready for comment/review

Remaining tasks

Maintainers input

User interface changes

Extra config on saml_sp config form
Expanded config on the idp form for NameID field options

API changes

None

Data model changes

None

Feature request
Status

Active

Version

4.3

Component

Code

Created by
