phpsaml

JIT is not applying Authorizations assignment rules

Open DonutsNL opened this issue 2 years ago • 13 comments

Currently the JIT is ignoring the Authorizations assignment rules and will create the user using GLPI default rules in the root entity with the default profile.

LDAP rules are just that, designed for LDAP sync.

DonutsNL avatar Jul 25 '22 14:07 DonutsNL

applyRightRules requires some LDAP specifics. Going to do some tests to see if this method is usable.

DonutsNL avatar Jul 25 '22 20:07 DonutsNL

Thanks for your work on this one!

derricksmith avatar Jul 25 '22 20:07 derricksmith

Also interested in this feature. Thank you for the great job and support!!!

Ketchup31 avatar Aug 10 '22 19:08 Ketchup31

There is some documentation but it's not up to date. https://glpi-developer-documentation.readthedocs.io/en/master/devapi/rules.html

Am in the process of applying these rules and backwards engineering a bit 😅

DonutsNL avatar Aug 11 '22 16:08 DonutsNL

Ok .. We believe in you 🤞 Thank you

Ketchup31 avatar Aug 11 '22 16:08 Ketchup31

Update: It's kinda frustrating.

I have the rules interface working but it's not matching the criteria correctly and is not updating the user object as a result.

@derricksmith is it okay to upload the sources for the rules engine? I think I can use some help in getting the created rules to match. Testing the rule in the interface works as expected. The update will introduce a rules conf option that allows rules to be created in a saml sub_type.

DonutsNL avatar Sep 02 '22 21:09 DonutsNL

I'm not super familiar with the rules workflow. Can you create a PR so I can see what you want to add?

derricksmith avatar Nov 17 '22 03:11 derricksmith

I created a branch called Rules Engine. If it's easier for you, just send the files over to [email protected] and I'll upload to the branch.

derricksmith avatar Nov 17 '22 04:11 derricksmith

Created a pull request with the changes made: https://github.com/derricksmith/phpsaml/pull/116

It's possible to create PHPSaml rules in the GLPI interface.

I created a test script in the branch to test these rules. It reports that the rule is matched correctly and it is applying the rules.

The problem is that the rules are in fact not applied (when validating).

No error is generated. I was about to start tracing the database for update statements and see what (if anything) is happening.

DonutsNL avatar Nov 25 '22 14:11 DonutsNL

As I expected, it is not performing the update action. I'm not sure why.

DonutsNL avatar Nov 25 '22 16:11 DonutsNL

A hook is performed on the plugin's ruleright.class.php method executeActions($output, $params, array $input = []) { }; it seems that we need to implement the updates ourselves.

DonutsNL avatar Nov 26 '22 19:11 DonutsNL

@derricksmith, I am sure I am missing something important 😅

The rules that need to be applied are getting lost during the 'doHook()' that's being called in the rule.php->process method. See debug trace screenshots below.

Any ideas?

Arguments are not passed by reference here.

Not a work-around for this specific implementation, the return values are not captured by the calling method and are lost. See next screen. Not sure where the PLUGIN_HOOKS are populated and why the expected values seem to be missing from the array.

DonutsNL avatar Nov 27 '22 15:11 DonutsNL

Hi @DonutsNL, did you find a solution for this? Thanks!

LaurDaniel avatar Nov 23 '23 13:11 LaurDaniel