django-saml2-auth
mapping SAML2 claims => django auth groups
How can I map AD groups/rules into built-in Django groups? For example, if a user is in the Active Directory "user_can_edit_web" group, I can transform this group membership into a SAML "role" claim.
Should it be done in an AbstractUser subclass? Or maybe as pull requests to this project?
Configuration could be something like this:
'ATTRIBUTES_MAP': {
    # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
    'email': 'Email',
    'username': 'UserName',
    'first_name': 'FirstName',
    'last_name': 'LastName',
    '_group_map': {
        'django_group_can_edit_web': ('role', 'user_can_edit_web')
    },
},
Or maybe I can access the logged-in user object in the 'BEFORE_LOGIN' trigger and change it there?
+1
You can use the BEFORE_LOGIN hook but then you'd like to persist the IDP groups to the session somehow ...
See https://github.com/fangli/django-saml2-auth/pull/102 for an example...
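
One way to do the mapping asked about in this thread, as an added example that is not code from django-saml2-auth or from the linked pull request. It assumes the hook receives the SAML attributes as a dict of attribute name to list of values; `GROUP_MAP`, `resolve_groups` and `plan_membership` are hypothetical names. Only groups listed in the map can be granted, and groups the IdP no longer asserts are scheduled for removal.

```python
# Added example: resolve Django group names from SAML attributes.
# GROUP_MAP mirrors the '_group_map' idea from the question; it is a
# hypothetical setting, not an option django-saml2-auth provides.
GROUP_MAP = {
    "django_group_can_edit_web": ("role", "user_can_edit_web"),
}


def resolve_groups(identity, group_map=GROUP_MAP):
    """Return the Django group names the SAML assertion entitles the user to.

    identity: dict of SAML attribute name -> list of values (assumed shape).
    Only groups named in group_map can ever be returned, so an unexpected
    value sent by the IdP cannot select an arbitrary Django group.
    """
    granted = set()
    for django_group, (attribute, required_value) in group_map.items():
        values = identity.get(attribute) or []
        if isinstance(values, str):  # tolerate a single-valued attribute
            values = [values]
        if required_value in values:  # exact, case-sensitive match
            granted.add(django_group)
    return granted


def plan_membership(current, identity, group_map=GROUP_MAP):
    """Return (to_add, to_remove) for the user's groups.

    Only groups managed by group_map are removed, so membership revoked in
    the directory is revoked in Django while locally assigned groups stay.
    """
    current = set(current)
    granted = resolve_groups(identity, group_map)
    managed = set(group_map)
    return granted - current, (current & managed) - granted


if __name__ == "__main__":
    # Constructed sample attributes, not taken from a real assertion.
    sample = {"Email": ["alice@example.org"], "role": ["user_can_edit_web"]}
    print(plan_membership({"local_staff"}, sample))
    print(plan_membership({"local_staff", "django_group_can_edit_web"}, {"role": []}))
```

Applying the two sets to the Django user's groups inside the hook depends on how the project looks up the user and is not shown here.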