django-saml2-auth

Update user information from SAML2/Okta

Open debnet opened this issue 6 years ago • 4 comments

Is there a way to update all user information (first name, last name, email) from the SAML2 provider at each login? How? Thanks. ;)

Feb 14 '19 14:02 debnet

OK, I've seen there is a possibility to have a trigger after login, but it would be nice to have both the current user and the SAML2 credentials in the parameters. :D

Feb 14 '19 17:02 debnet

I want/need the same. It'd be nice to include a stock method that does the update. I ended up with:

from django.conf import settings
from django.contrib.auth.models import User


def update_user(user_identity):
    # Each SAML attribute arrives as a list of values; take the first one.
    user_email = user_identity[settings.SAML2_AUTH.get('ATTRIBUTES_MAP', {}).get('email', 'Email')][0]
    user_name = user_identity[settings.SAML2_AUTH.get('ATTRIBUTES_MAP', {}).get('username', 'UserName')][0]
    user_first_name = user_identity[settings.SAML2_AUTH.get('ATTRIBUTES_MAP', {}).get('first_name', 'FirstName')][0]
    user_last_name = user_identity[settings.SAML2_AUTH.get('ATTRIBUTES_MAP', {}).get('last_name', 'LastName')][0]

    # Copy the asserted values onto the existing Django user.
    u = User.objects.get(username=user_name)
    u.email = user_email
    u.first_name = user_first_name
    u.last_name = user_last_name
    u.save()

Feb 28 '19 20:02 ambsw-technology

@ambsw-technology where did you put that function? I am trying to accomplish a similar feat (updating the user's department in my app). I can't tell that the function is even being called. Can you share the relevant portion of your settings.py and where you have the update_user() function? Thanks!

Apr 30 '20 20:04 kherrett

@kherrett

SAML2_AUTH = {
    ...
    'TRIGGER': {
        'BEFORE_LOGIN': 'app_name.saml.update_user',
    },
}

I assume this method works in the base application, but I'm now working on a fork/branch that was refactored to make every part of the system pluggable. That lets me do things like this and this.

FYI here's my method (in app_name/saml.py):

from django.conf import settings
from django.contrib.auth.models import User


def update_user(user_identity):
    # Each SAML attribute arrives as a list of values; take the first one.
    user_email = user_identity[settings.SAML2_AUTH.get('ATTRIBUTES_MAP', {}).get('email', 'Email')][0]
    user_name = user_identity[settings.SAML2_AUTH.get('ATTRIBUTES_MAP', {}).get('username', 'UserName')][0]
    user_first_name = user_identity[settings.SAML2_AUTH.get('ATTRIBUTES_MAP', {}).get('first_name', 'FirstName')][0]
    user_last_name = user_identity[settings.SAML2_AUTH.get('ATTRIBUTES_MAP', {}).get('last_name', 'LastName')][0]

    # Copy the asserted values onto the existing Django user.
    u = User.objects.get(username=user_name)
    u.email = user_email
    u.first_name = user_first_name
    u.last_name = user_last_name
    u.save()

May 25 '20 02:05 ambsw-technology
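
A more defensive variant of the `update_user` trigger posted in the comments above, as an added example that is not code from the thread or from django-saml2-auth: it tolerates missing or malformed attributes in the assertion and writes only the profile columns that changed. The helper names (`first_value`, `extract_profile`, `DEFAULT_MAP`, `MAX_LEN`, `EMAIL_RE`) are hypothetical, and the length limits assume Django's stock `User` model.

```python
import re

# Default SAML attribute names: the same fallbacks used by update_user() in the thread.
DEFAULT_MAP = {"email": "Email", "username": "UserName",
               "first_name": "FirstName", "last_name": "LastName"}
# Assumed limits of the stock User model in current Django; adjust for a custom model.
MAX_LEN = {"email": 254, "first_name": 150, "last_name": 150}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def first_value(user_identity, saml_name):
    """Return the first value of a SAML attribute as stripped text, or None."""
    values = user_identity.get(saml_name) or []
    return str(values[0]).strip() if values else None


def extract_profile(user_identity, attributes_map=None):
    """Map asserted attributes to (username, {field: value}); skip bad or absent ones."""
    amap = {**DEFAULT_MAP, **(attributes_map or {})}
    username = first_value(user_identity, amap["username"])
    fields = {}
    for field, limit in MAX_LEN.items():
        value = first_value(user_identity, amap[field])
        if not value or len(value) > limit:
            continue  # an incomplete assertion must not blank stored data
        if field == "email" and not EMAIL_RE.match(value):
            continue
        fields[field] = value
    return username, fields


def update_user(user_identity):
    """BEFORE_LOGIN trigger: copy validated attributes onto the existing user."""
    # Imported here so extract_profile() can be exercised without a Django project.
    from django.conf import settings
    from django.contrib.auth import get_user_model

    username, fields = extract_profile(
        user_identity, settings.SAML2_AUTH.get("ATTRIBUTES_MAP"))
    if not username or not fields:
        return
    user = get_user_model().objects.filter(username=username).first()
    if user is None:
        return
    changed = [f for f, v in fields.items() if getattr(user, f) != v]
    for f in changed:
        setattr(user, f, fields[f])
    if changed:
        # update_fields limits the write to profile columns (never is_staff etc.).
        user.save(update_fields=changed)
```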