[NEW] Options for SAML auth for individual organizations needs #14275
Hey there @ymybe, can we do something to help this MR get merged? I don't really understand why the last missing pipeline is on hold. Can we do something about this, or is this because the Rocket.Chat team needs to say "It's okay"? Cheers, Daniel
@kukkjanos and @sampaiodiego You both have worked on the SAML component recently. Do you have an opinion about this PR? What can we do to get this merged?
Sorry for the delay, guys.
@sampaiodiego have updated the PR
…ketChat#6481 Signed-off-by: Maximilian Ruta <mr@xtain.net>
@sampaiodiego is there a chance to get this into 1.3.0 stable?
@sampaiodiego thanks for merging!
We have a staff id that never changes and I'm thinking about using that to identify the account in Rocket.Chat. But how? Would I map that field to 'username' in the saml configuration and select username as the immutable field name?
@BarnumD yep, that's correct :/ I have not thought about this case. I guess the best would be to add another option to the SAML configuration where you can enter an arbitrary id field and then adding an option to the "SAML__username_normalize" list. As a workaround you can probably also let your SAML provider return the field
Should I open a new issue since this one has been closed/merged?
@BarnumD I guess yes. But it is not really hard to implement. Feel free to open a new PR.
Closes #6481
This PR fixes a problem with changed mail addresses for SAML logins by letting the admins set whether they want to identify the created Rocket.Chat user by either "Username" or "E-Mail Address".
To increase the compatibility with various SAML providers, it also adds attribute mapping, as many other SAML service providers have already implemented.
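The behaviour described above, as an added example that is not part of this PR or of Rocket.Chat's code: assertion attributes are mapped to local fields, and the account is matched only on the configured immutable field. The function names, the `fieldMap` layout and the sample attributes (`uid`, `mail`, `displayName`) are assumptions made for illustration.

```javascript
// Added illustration; not Rocket.Chat code. All names here are hypothetical.
// Constructed attribute map: local profile field -> attribute name sent by the IdP.
const fieldMap = { username: 'uid', email: 'mail', name: 'displayName' };

// Build a local profile from the assertion attributes using the map.
function mapAttributes(assertionAttrs, map) {
  const profile = {};
  for (const [localField, idpAttr] of Object.entries(map)) {
    const value = assertionAttrs[idpAttr];
    if (value === undefined) continue; // attribute not sent by the IdP
    // IdPs may send a single value or an array; take the first value.
    profile[localField] = Array.isArray(value) ? value[0] : value;
  }
  return profile;
}

// Find or create the account, matching only on the configured immutable field.
function loginWithSaml(users, assertionAttrs, map, immutableField) {
  const profile = mapAttributes(assertionAttrs, map);
  const key = profile[immutableField];
  if (typeof key !== 'string' || key.trim() === '') {
    // Refuse to match instead of silently falling back to another field.
    throw new Error(`assertion lacks immutable field "${immutableField}"`);
  }
  const norm = (v) => String(v).trim().toLowerCase();
  let user = users.find((u) => norm(u[immutableField]) === norm(key));
  if (user) {
    // Refresh mutable fields; the stored immutable value is never overwritten.
    Object.assign(user, profile, { [immutableField]: user[immutableField] });
  } else {
    user = { id: users.length + 1, ...profile };
    users.push(user);
  }
  return user;
}

// Constructed scenario: the same person logs in before and after a mail change.
function demo() {
  const before = { uid: 'jdoe', mail: 'jdoe@old.example' };
  const after = { uid: 'jdoe', mail: 'jdoe@new.example' };
  const users = [];
  const first = loginWithSaml(users, before, fieldMap, 'username');
  const second = loginWithSaml(users, after, fieldMap, 'username');
  // Keyed on e-mail instead, the changed address no longer matches account 1.
  const existing = [{ id: 1, username: 'jdoe', email: 'jdoe@old.example' }];
  const byEmail = loginWithSaml(existing, after, fieldMap, 'email');
  return { sameAccount: first.id === second.id, count: users.length,
           email: second.email, emailKeyedId: byEmail.id };
}
```

With "Username" as the immutable field the second login lands on the same account and only the e-mail is refreshed; with "E-Mail Address" the changed address produces a second account.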