[ENG-1429] [OSF Institutions] Shared SSO and The Policy Lab #189
Merged
cslzchen merged 2 commits into CenterForOpenScience:master from Sep 17, 2020
- pu for princeton university
- brown for brown university
cslzchen
commented
Sep 17, 2020
Contributor
Author
Dev tests have passed using a new Postman suite that mocks the request made from Shibboleth to CAS after successful SAML authn. In addition, Travis CI passed: https://travis-ci.org/github/cslzchen/cas-overlay/builds/727910570.
| <fullname><xsl:value-of select="//attribute[@name='displayName']/@value"/></fullname> | ||
| <familyName><xsl:value-of select="//attribute[@name='sn']/@value"/></familyName> | ||
| <givenName><xsl:value-of select="//attribute[@name='givenName']/@value"/></givenName> | ||
| <isMemberOf><xsl:value-of select="//attribute[@name='isMemberOf']/@value"/></isMemberOf> |
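Review bot: on the new isMemberOf line, `xsl:value-of` with `select="//attribute[@name='isMemberOf']/@value"` emits only the first matching node under XSLT 1.0, so if more than one isMemberOf attribute element ever reaches this stylesheet the remaining values are dropped without any error. Please add a comment stating that a single, already-joined value is expected here, or select and join all matches explicitly. The same line also uses the `//` descendant search, which matches an `attribute` element at any depth in the input; a path anchored to the expected parent would be stricter.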
Contributor
Author
As for CAS server setting changes, add the following line to the brown block in the institutions-auth.xsl file.
<isMemberOf><xsl:value-of select="//attribute[@name='isMemberOf']/@value"/></isMemberOf>
As for Shibboleth server setting changes, add the following line to the file attribute-map.xml.
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="isMemberOf"/>
| final String fullname = user.optString("fullname").trim(); | ||
| final String givenName = user.optString("givenName").trim(); | ||
| final String familyName = user.optString("familyName").trim(); | ||
| final String isMemberOf = user.optString("isMemberOf").trim(); |
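Review bot: on the isMemberOf line, a missing key and an attribute released with an empty or whitespace-only value both end up as "" after `optString("isMemberOf").trim()`, so whatever consumes this variable (not shown in this hunk) cannot tell the two apart and has to treat the empty string as "no membership". A one-line comment saying so would help the next reader. Because the value is supplied by the IdP and the description says it is also written to log messages, it is worth confirming that the consumer compares it exactly against the expected identifier and that it is logged without raw control characters.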
Contributor
Author
optString guarantees that an empty string is returned if the key isMemberOf is not found. This is why we don't have to add isMemberOf to other institutions ...
Ticket
https://openscience.atlassian.net/browse/ENG-1429
Purpose
This is the accompanying PR for CenterForOpenScience/osf.io#9484 of which the purpose is:
- thepolicylab to prod using brown's SSO of type saml-shib
Changes
- princeton as it is in the server settings, which is a leftover from previous tasks
- brown to include the isMemberOf attribute
- isMemberOf to a couple of logging messages
Dev / QA Notes
I finally figured out a way to test institution SSO without existing accounts / IdP servers. Verified all three cases below work as expected. The local OSF API server creates new (finds existing) users and affiliates institutions (if not) correctly.
- brown-only user
- brown and thepolicylab user
- princeton user
  This is to test that other institutions are not affected by the fact that isMemberOf is only added to brown.
Dev-Ops Notes
See CenterForOpenScience/osf.io#9484 for configurations for Shibboleth, CAS and OSF.