Add roles to SAML response

casdoor · Mar 30, 2023 · da50047 · da50047
1 parent b45c49d
commit da50047
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/object/saml_idp.go b/object/saml_idp.go
@@ -86,19 +86,28 @@ func NewSamlResponse(user *User, host string, certificate string, destination st
 	authnStatement.CreateElement("saml:AuthnContext").CreateElement("saml:AuthnContextClassRef").SetText("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
 
 	attributes := assertion.CreateElement("saml:AttributeStatement")
+
 	email := attributes.CreateElement("saml:Attribute")
 	email.CreateAttr("Name", "Email")
 	email.CreateAttr("NameFormat", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic")
 	email.CreateElement("saml:AttributeValue").CreateAttr("xsi:type", "xs:string").Element().SetText(user.Email)
+
 	name := attributes.CreateElement("saml:Attribute")
 	name.CreateAttr("Name", "Name")
 	name.CreateAttr("NameFormat", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic")
 	name.CreateElement("saml:AttributeValue").CreateAttr("xsi:type", "xs:string").Element().SetText(user.Name)
+
 	displayName := attributes.CreateElement("saml:Attribute")
 	displayName.CreateAttr("Name", "DisplayName")
 	displayName.CreateAttr("NameFormat", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic")
 	displayName.CreateElement("saml:AttributeValue").CreateAttr("xsi:type", "xs:string").Element().SetText(user.DisplayName)
 
+	roles := attributes.CreateElement("saml:Attribute")
+	roles.CreateAttr("Name", "Roles")
+	roles.CreateAttr("NameFormat", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic")
+	ExtendUserWithRolesAndPermissions(user)
+	roles.CreateElement("saml:AttributeValue").CreateAttr("xsi:type", "xs:string").Element().SetText(user.getRolesString())
+
 	return samlResponse, nil
 }
 

diff --git a/object/user.go b/object/user.go
@@ -622,6 +622,14 @@ func (user *User) GetId() string {
 	return fmt.Sprintf("%s/%s", user.Owner, user.Name)
 }
 
+func (user *User) getRolesString() string {
+	roles := []string{}
+	for _, role := range user.Roles {
+		roles = append(roles, role.Name)
+	}
+	return strings.Join(roles, ",")
+}
+
 func isUserIdGlobalAdmin(userId string) bool {
 	return strings.HasPrefix(userId, "built-in/")
 }