CU Auth package #67
base: main
# Conflicts: # phpunit.xml # src/StarterKitServiceProvider.php # tests/Feature/InstallStarterKitTest.php
# Conflicts: # src/StarterKitServiceProvider.php # tests/Feature/InstallStarterKitTest.php
$user = new $userModel; | ||
$user->name = $shibboleth->name(); | ||
$user->email = $shibboleth->email(); | ||
$user->password = Str::random(32); |
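Review bot: On the `$user->password = Str::random(32);` line, the random string is assigned to the model as-is, so whether it is stored hashed depends on a cast or mutator in `$userModel` that is not visible in this hunk. Because these users are created from the Shibboleth identity, consider assigning `Hash::make(Str::random(32))` explicitly, or add a comment stating that the local password is a placeholder that is never meant to be used, so the behaviour does not change when the configured user model has no hashed cast.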
I suggest using eduPersonPrincipalName (netid email) here instead of the mail attribute, which is an alias email. This can be changed later.
Apparently I was already in agreement with you! Looking at the ShibIdentity implementation, it uses eduPersonPrincipalName as the value for email if it is available, and it uses mail as a fallback. (See ShibIdentity::fromServerVars() and the phpdoc for ShibIdentity::email())
So, basically, yes, and already done!
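The precedence described in the reply above (eduPersonPrincipalName first, mail as fallback), sketched as an added example; this is not the package's `ShibIdentity` code. The function names are hypothetical, and the server variable names `eduPersonPrincipalName` and `mail` are assumptions, since the real names depend on the SP's attribute-map.xml.

```php
<?php
declare(strict_types=1);

// Added illustration, not the package's ShibIdentity implementation.
// Assumes mod_shib exports attributes as server variables with these names.
function shibAttribute(array $server, string $name): ?string
{
    // Apache internal redirects (e.g. a rewrite to index.php) can prefix
    // environment variables with REDIRECT_, so check both spellings.
    foreach ([$name, 'REDIRECT_' . $name] as $key) {
        $raw = trim((string) ($server[$key] ?? ''));
        if ($raw === '') {
            continue; // unset and empty both mean "not released"
        }
        // The Shibboleth SP joins multiple values with ';' and escapes a
        // literal semicolon as '\;'. Simplification: use the first value.
        $values = preg_split('/(?<!\\\\);/', $raw);
        $first = str_replace('\\;', ';', trim($values[0]));
        if ($first !== '') {
            return $first;
        }
    }
    return null;
}

function resolveEmail(array $server): ?string
{
    // Prefer the scoped principal name (netid@scope); fall back to mail,
    // which may be an alias address.
    return shibAttribute($server, 'eduPersonPrincipalName')
        ?? shibAttribute($server, 'mail');
}

// Constructed sample inputs (not captured from a real SP).
$samples = [
    'both released'    => ['eduPersonPrincipalName' => 'abc123@example.edu',
                           'mail' => 'alias.name@example.edu'],
    'mail only'        => ['eduPersonPrincipalName' => '',
                           'mail' => 'alias.name@example.edu;second@example.edu'],
    'after a rewrite'  => ['REDIRECT_eduPersonPrincipalName' => 'abc123@example.edu'],
    'nothing released' => [],
];

foreach ($samples as $label => $server) {
    printf("%-17s => %s\n", $label, resolveEmail($server) ?? '(none: refuse login)');
}
```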
Good work, Eric! Thanks for implementing it. I have two suggestions that can be done later:
- Use eduPersonPrincipalName (netid email) here instead of the mail attribute, which is an alias email.
- Add authorization for an admin role besides a regular user. I think all our applications have an admin role, and it will be a good example of how to do different roles.
A package for supporting Apache mod_shib integration and typical development login requirements. An implementation that grew from what was discussed in #42.
This PR does the following
Basic Review:
php artisan starterkit:install
.env: php artisan config:cache
.env and php artisan config:cache
Example Sites + PRs
This PR by itself is not able to show the functionality, so the examples below are available for review.
Laravel Demo
Demonstrates authorization of a specific route, remote login, no local user.
IT Gov
Demonstrates remote login with lookup of a local user for authorization by policy.