Make provisioning identifier configurable #240

Closed
phavekes opened this issue Aug 20, 2024 · 2 comments
phavekes commented Aug 20, 2024

This issue is imported from pivotal

By specifying in the manage config which attribute must be used as the user identifier for (SCIM) provisioning, the application can be flexible in which identifier is used at authentication. The primary use case is deploying the subjectID, which is not yet supported by all institutions.

The default is now eppn; the selection list contains

  • subject_id (urn:oasis:names:tc:SAML:attribute:subject-id)
  • eduperson_principal_name (urn:mace:dir:attribute-def:eduPersonPrincipalName)
  • uids (urn:mace:dir:attribute-def:uid) - is a multi-value attribute
  • email (urn:mace:dir:attribute-def:mail)
  • eduID (urn:mace:eduid.nl:1.1)
phavekes commented Aug 21, 2024

Flow when using the targeted eduID identifier in the provisioning

  1. user logs in and accepts invite
  2. start provisioning
  3. Lookup provisioning in manage.
  4. If provisioning-identifier is eduID, lookup institutionGUID for the provisioning in manage

  • Add new API to eduID:
    • Input: any targeted eduID identifier + InstitutionGUID
    • eduID will lookup or create the eduID identifier for the institution, and return this
    • New API endpoint for Invite OpenConext-myconext#533
  • Add Validation in manage:
    • If the provisioning identifier is eduid, an InstitutionGUID for the provisioning must be provided and exist for an IdP
  • Log a warning if the configured identifier for the provisioning was not available in the SAML assertion for the user, and fall back to eppn
  • Write a testing-scenario for openconext-playground (@phavekes)
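The selection and fallback rules described in this issue (configured identifier, eduID exchange via institutionGUID, validation in manage, warn-and-fall-back-to-eppn), written out as an added Python example. This is not code from OpenConext-Invite, manage or eduID: the field names `provisioning_identifier` and `institution_guid`, the `lookup_eduid` callable standing in for the proposed eduID endpoint, and the sample SAML attribute values are all assumptions made for the illustration. The attribute URNs are the ones listed in the issue.

```python
import logging
from typing import Callable, Dict, List

logger = logging.getLogger("provisioning")

# SAML attribute names for each identifier option listed in the issue.
IDENTIFIER_ATTRIBUTES: Dict[str, str] = {
    "subject_id": "urn:oasis:names:tc:SAML:attribute:subject-id",
    "eduperson_principal_name": "urn:mace:dir:attribute-def:eduPersonPrincipalName",
    "uids": "urn:mace:dir:attribute-def:uid",  # multi-value attribute
    "email": "urn:mace:dir:attribute-def:mail",
    "eduID": "urn:mace:eduid.nl:1.1",
}
DEFAULT_IDENTIFIER = "eduperson_principal_name"  # the current default (eppn)


def validate_provisioning(provisioning: Dict[str, str], idp_institution_guids: set) -> str:
    """Validate a provisioning record the way the issue asks manage to do.

    Returns the effective identifier name. Raises ValueError for an unknown
    identifier, or for eduID without an institutionGUID that belongs to a
    known IdP. The field names are assumed here, not manage's real schema.
    """
    identifier = provisioning.get("provisioning_identifier", DEFAULT_IDENTIFIER)
    if identifier not in IDENTIFIER_ATTRIBUTES:
        raise ValueError(f"unknown provisioning identifier {identifier!r}")
    if identifier == "eduID":
        guid = provisioning.get("institution_guid")
        if not guid:
            raise ValueError("eduID provisioning requires an institutionGUID")
        if guid not in idp_institution_guids:
            raise ValueError(f"institutionGUID {guid!r} is not configured for any IdP")
    return identifier


def resolve_user_identifier(
    provisioning: Dict[str, str],
    saml_attributes: Dict[str, List[str]],
    lookup_eduid: Callable[[str, str], str],
) -> str:
    """Pick the user identifier to send to the SCIM provisioning endpoint.

    `saml_attributes` maps attribute URN -> values from the user's assertion.
    `lookup_eduid` is a hypothetical stand-in for the eduID API the issue
    proposes: (targeted eduID identifier, institutionGUID) -> institution eduID.
    """
    identifier = provisioning.get("provisioning_identifier", DEFAULT_IDENTIFIER)
    values = saml_attributes.get(IDENTIFIER_ATTRIBUTES[identifier]) or []
    if not values:
        # Configured attribute is missing from the assertion: warn, fall back to eppn.
        logger.warning("attribute for %s not in SAML assertion, falling back to eppn", identifier)
        identifier = DEFAULT_IDENTIFIER
        values = saml_attributes.get(IDENTIFIER_ATTRIBUTES[identifier]) or []
        if not values:
            raise LookupError("neither the configured identifier nor eppn is present")
    value = values[0]  # for the multi-value 'uids' attribute this takes the first value
    if identifier == "eduID":
        # Exchange the targeted identifier for the institution-scoped eduID.
        value = lookup_eduid(value, provisioning["institution_guid"])
    return value


if __name__ == "__main__":
    # Constructed sample config and assertion attributes (not real data).
    provisioning = {"provisioning_identifier": "eduID", "institution_guid": "inst-guid-1"}
    validate_provisioning(provisioning, {"inst-guid-1"})
    attrs = {
        "urn:mace:eduid.nl:1.1": ["targeted-eduid-abc"],
        "urn:mace:dir:attribute-def:eduPersonPrincipalName": ["jdoe@example.edu"],
    }
    print(resolve_user_identifier(provisioning, attrs, lambda targeted, guid: f"{targeted}@{guid}"))
```

The validation step runs when the provisioning is saved, so a misconfigured eduID provisioning is rejected before any user is provisioned; the resolution step runs per login, and the warning on fallback is what an operator would look for in the logs when an institution's IdP does not yet release the configured attribute.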

@phavekes phavekes added this to the 0.0.19 milestone Aug 21, 2024
@oharsta oharsta self-assigned this Aug 21, 2024
oharsta added a commit that referenced this issue Sep 9, 2024
@phavekes phavekes modified the milestones: 0.0.22, 0.0.23 Oct 11, 2024
oharsta added a commit that referenced this issue Oct 11, 2024
oharsta added a commit that referenced this issue Oct 12, 2024
@oharsta oharsta modified the milestones: 0.0.23, 0.0.22 Oct 17, 2024
phavekes (Member Author) commented

Untested, but no effect if not configured in manage

@phavekes phavekes moved this from External Testing to To be deployed in Openconext-Invite Oct 29, 2024
@github-project-automation github-project-automation bot moved this from To be deployed to Delivered in Openconext-Invite Dec 10, 2024
@phavekes phavekes moved this from Delivered to External Testing in Openconext-Invite Dec 10, 2024
@phavekes phavekes moved this from External Testing to Done in Openconext-Invite Jan 28, 2025