[FEAT] Process SAML role list attribute

[lkraider]

Request

This is a request to process a list of SAML attributes to define the list of roles a user will have in Rocket.Chat.

Problem

Currently the saml server code hardcodes it to the user role:

Rocket.Chat/app/meteor-accounts-saml/server/saml_server.js

Line 178 in 63a57fb

globalRoles: ['user'],

Example

This should set the roles user and admin to the user that is logging in (the attribute name is just a suggestion):

<saml:Attribute Name="RocketGlobalRole" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="RocketGlobalRole" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">admin</saml:AttributeValue>
</saml:Attribute>

Related:

• The option "Default Roles for Authentication Services" when register new users via auth service has no effect #9689
• Custom user rights per Auth method #12065
• [NEW] LDAP User Groups, Roles, and Channel Synchronization #14278