From 89bfe109efb9786ddfef92ce1e3f99dc7ceaa219 Mon Sep 17 00:00:00 2001
From: John Bergvall
Date: Sat, 3 Sep 2022 19:02:18 +0200
Subject: [PATCH 1/2] Add support for SAML2 groups passed as array instead of comma separated string
---
 app/saml2/index.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/app/saml2/index.php b/app/saml2/index.php
index 23b2b3c3b..4e8f193df 100644
--- a/app/saml2/index.php
+++ b/app/saml2/index.php
@@ -180,8 +180,13 @@
 $values["email"] = $auth->getAttribute("email")[0];
 $values["role"] = filter_var($auth->getAttribute("is_admin")[0], FILTER_VALIDATE_BOOLEAN) ? "Administrator" : "User";
- // Parse groups
- $saml_groups = array_map('trim', explode(',', $auth->getAttribute("groups")[0])) ? : [];
+ // parse groups
+ $saml_groups = array();
+ foreach ($auth->getAttribute("groups") as $group_attr) {
+ foreach (array_map('trim', explode(',', $group_attr)) as $g) {
+ if ($g) $saml_groups[] = $g;
+ }
+ }
 $ug = [];
 foreach ($Tools->fetch_all_objects("userGroups", "g_id") as $g) {
From cb91b74b75ff326cceded3b8a8ba70062169943a Mon Sep 17 00:00:00 2001
From: John Bergvall
Date: Sat, 3 Sep 2022 19:07:06 +0200
Subject: [PATCH 2/2] Add support to extract ldap group name from SAML assertion
---
 app/saml2/index.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/saml2/index.php b/app/saml2/index.php
index 4e8f193df..63f2e0e82 100644
--- a/app/saml2/index.php
+++ b/app/saml2/index.php
@@ -184,7 +184,11 @@
 $saml_groups = array();
 foreach ($auth->getAttribute("groups") as $group_attr) {
 foreach (array_map('trim', explode(',', $group_attr)) as $g) {
- if ($g) $saml_groups[] = $g;
+ if (preg_match('/^(cn|ou)=([^,]+),/i'), $g, $m) { // ldap dn
+ $saml_groups[] = $m[1]
+ } elseif ($g) {
+ $saml_groups[] = $g;
+ }
 }
 }
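Review bot: The rewritten loop drops the empty-list fallback the removed line had (`? : []`), so when the assertion carries no `groups` attribute and `getAttribute()` presumably returns null, `foreach` over null raises a warning and the rest of the block runs with a bare `$saml_groups`; iterate `foreach ($auth->getAttribute("groups") ?? [] as $group_attr) {` to keep "no attribute means no groups" explicit. The `if ($g)` guard tests truthiness, so a group literally named `0` is silently discarded; `if ($g !== '')` keeps the intent of skipping blanks left by trailing or doubled commas. The code that matches `$saml_groups` against the local `userGroups` rows continues below the hunk, so what an unexpected group name would map to cannot be judged here.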
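Review bot: The new `if` line does not parse: the parenthesis after the pattern closes the `preg_match()` call before `$g, $m`, and the next line `$saml_groups[] = $m[1]` has no semicolon (`preg_match('/^(cn|ou)=([^,]+),/i', $g, $m)` and `$saml_groups[] = $m[2];`). Once it parses, `$m[1]` is the attribute type `cn`/`ou`, not the group name, which is capture group 2, so every DN-shaped value would be recorded as a group called `cn` or `ou`. The DN branch is also unreachable where it sits: the enclosing `explode(',', $group_attr)` has already removed every comma, so no `$g` can satisfy a pattern that requires one, and the leftover RDNs (`ou=…`, `dc=…`) fall through the `elseif` and are appended as group names for the matching code below the hunk to compare against local groups. Recognising a DN on the whole attribute value before splitting, with the pattern also accepting a single-RDN value, fixes all three; the rewritten inner loop is below.
```php
foreach ($auth->getAttribute("groups") as $group_attr) {
    // An LDAP DN carries its own commas, so recognise it before splitting on ','.
    if (preg_match('/^(cn|ou)=([^,]+)(?:,|$)/i', trim($group_attr), $m)) { // ldap dn
        $saml_groups[] = $m[2];
        continue;
    }
    foreach (array_map('trim', explode(',', $group_attr)) as $g) {
        if ($g !== '') {
            $saml_groups[] = $g;
        }
    }
}
```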