Feature Request: Option to alias IdP username to local DS user account …

…#59

NomadLogin/UI/SignInWindowController.swift

@@ -537,7 +537,7 @@ class SignInWindowController: NSWindowController, DSQueryable {
 
 
         TCSLogWithMark()
-        if strippedUsername.range(of:"@") != nil {
+        if strippedUsername.range(of:"@") != nil && getManagedPreference(key: .ADDomain) != nil {
             shortName = (strippedUsername.components(separatedBy: "@").first)!
 
             providedDomainName = strippedUsername.components(separatedBy: "@").last!.uppercased()

XCreds/PrefKeys.swift

@@ -9,7 +9,7 @@ import Foundation
 
 enum PrefKeys: String {
     case clientID, clientSecret, password="xcreds local password",discoveryURL, redirectURI, scopes, accessToken, idToken, refreshToken, tokenEndpoint, expirationDate, invalidToken, refreshRateHours,refreshRateMinutes, showDebug, verifyPassword, shouldShowQuitMenu, shouldShowPreferencesOnStart, shouldSetGoogleAccessTypeToOffline, passwordChangeURL, shouldShowAboutMenu, username, idpHostName, passwordElementID, shouldFindPasswordElement, shouldShowVersionInfo, shouldShowSupportStatus,shouldShowConfigureWifiButton,shouldShowMacLoginButton, loginWindowBackgroundImageURL, shouldShowCloudLoginByDefault, shouldPreferLocalLoginInsteadOfCloudLogin, idpHostNames,autoRefreshLoginTimer, loginWindowWidth, loginWindowHeight, shouldShowRefreshBanner, shouldSwitchToLoginWindowWhenLocked,accounts = "Accounts",
-         windowSignIn = "WindowSignIn", settingsOverrideScriptPath, localAdminUserName, localAdminPassword, usernamePlaceholder, passwordPlaceholder, shouldShowLocalOnlyCheckbox, shouldShowTokenUpdateStatus, shouldDetectNetworkToDetermineLoginWindow, showLoginWindowDelaySeconds, shouldPromptForMigration, shouldAllowKeyComboForMacLoginWindow
+         windowSignIn = "WindowSignIn", settingsOverrideScriptPath, localAdminUserName, localAdminPassword, usernamePlaceholder, passwordPlaceholder, shouldShowLocalOnlyCheckbox, shouldShowTokenUpdateStatus, shouldDetectNetworkToDetermineLoginWindow, showLoginWindowDelaySeconds, shouldPromptForMigration, shouldAllowKeyComboForMacLoginWindow, aliasName
     //, filePathToPreventShowingUI
     case ropgClientID
     case ropgClientSecret

XCredsLoginPlugIn/ContextAndHintHandling.swift

@@ -33,6 +33,7 @@ enum HintType: String {
     case adGroups
     case oidcSub
     case oidcIssuer
+    case aliasName
 
 
 }

XCredsLoginPlugIn/LoginWindow/LoginWebViewWindowController.swift

@@ -238,6 +238,15 @@ class LoginWebViewWindowController: WebViewWindowController, DSQueryable {
         TCSLogWithMark("setting issuer and sub hint from OIDC token")
         delegate.setHint(type: .oidcSub, hint: "\(subValue)")
         delegate.setHint(type: .oidcIssuer, hint: "\(issuerValue)")
+        let aliasClaim = DefaultsOverride.standardOverride.string(forKey: PrefKeys.aliasName.rawValue)
+        if let aliasClaim = aliasClaim, let aliasClaimValue = idTokenInfo[aliasClaim] {
+            TCSLogWithMark("found alias claim: \(aliasClaim):\(aliasClaimValue)")
+            delegate.setHint(type: .aliasName, hint: aliasClaimValue)
+        }
+        else {
+            TCSLogWithMark("no alias claim: \(aliasClaim ?? "none")")
+        }
+
         let shouldPromptForMigration = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldPromptForMigration.rawValue)
 
         if  let existingUser = existingUser, let odUsername = existingUser.recordName  {

XCredsLoginPlugIn/Mechanisms/XCredsCreateUser.swift

@@ -200,19 +200,26 @@ class XCredsCreateUser: XCredsBaseMechanism {
 
             var sub:String?
             var iss:String?
+            var alias:String?
             if let oidcSubHint = getHint(type: .oidcSub) as? String {
                 sub=oidcSubHint
             }
             if let oidcIssHint = getHint(type: .oidcIssuer) as? String {
                 iss=oidcIssHint
             }
-
+            if let aliasHint = getHint(type: .aliasName) as? String {
+                alias=aliasHint
+            }
             // Set the xcreds attributes to stamp this account as the mapped one
             setTimestampFor(xcredsUser ?? "")
             if let iss = iss, let sub = sub {
                 updateOIDCInfo(xcredsUser ?? "", iss: iss, sub:sub)
             }
-
+            if let alias = alias, let xcredsUser = xcredsUser {
+                if XCredsCreateUser.addAlias(name: xcredsUser, alias: alias)==false {
+                    os_log("error adding alias", log: createUserLog, type: .debug)
+                }
+            }
         }
         os_log("Allowing login", log: createUserLog, type: .debug)
         let _ = allowLogin()
@@ -445,7 +452,15 @@ class XCredsCreateUser: XCredsBaseMechanism {
                 os_log("Adding UPN result: %{public}@", log: createUserLog, type: .debug, result.description)
             }
         }
-
+
+        if let aliasHint = getHint(type: .aliasName) as? String {
+            if XCredsCreateUser.addAlias(name: shortName, alias: aliasHint)==false {
+                os_log("error adding alias", log: createUserLog, type: .debug)
+            }
+        }
+
+
+
         if getManagedPreference(key: .AliasNTName) as? Bool ?? false {
             if let ntName = getHint(type: .ntName) as? String {
                 os_log("Adding NTName as an alias: %{public}@", log: createUserLog, type: .debug, ntName)

xCreds.xcodeproj/project.pbxproj

@@ -1249,7 +1249,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5258;
+				CURRENT_PROJECT_VERSION = 5268;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1287,7 +1287,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5258;
+				CURRENT_PROJECT_VERSION = 5268;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1407,7 +1407,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5258;
+				CURRENT_PROJECT_VERSION = 5268;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1444,7 +1444,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5258;
+				CURRENT_PROJECT_VERSION = 5268;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1594,7 +1594,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5258;
+				CURRENT_PROJECT_VERSION = 5268;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1635,7 +1635,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5258;
+				CURRENT_PROJECT_VERSION = 5268;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (

xCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist

@@ -172,8 +172,8 @@
             filePath = "XCredsLoginPlugIn/LoginWindow/LoginWebViewWindowController.swift"
             startingColumnNumber = "9223372036854775807"
             endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "296"
-            endingLineNumber = "296"
+            startingLineNumber = "305"
+            endingLineNumber = "305"
             landmarkName = "tokensUpdated(tokens:)"
             landmarkType = "7">
          </BreakpointContent>