[FEATURE]: Allow SAML attributes to be used to assign roles and deny access?

HEPTACOM / HeptacomShopwarePlatformAdminOpenAuth

Shopware plugin to allow open auth logins in the administration

https://www.heptacom.de/

Apache License 2.0

30 stars 10 forks source link

[FEATURE]: Allow SAML attributes to be used to assign roles and deny access? #16

Closed AndreasA closed 8 months ago

AndreasA commented 1 year ago

Plugin Version

4.2.1

PHP Version

8.1

Shopware Version

6.4.20.1

Installation method

Composer

Identity provider

SAML2

What happened?

Are there any plans for 5.x to allow the use of SAML attributes to disallow access and to assign certain user roles according to attributes e.g. a membership attribute?

Relevant log output

No response

JoshuaBehrens commented 1 year ago

Yes. We have ideas how to use the rule builder to access these information and build custom checks around it without the need to code it yourself. Simple equals and contains checks. This will also be available for OIDC. Will likely not find its way in a 6.4 compatible release though.

silviokennecke commented 9 months ago

Hi @AndreasA, we just released 6.0.0-beta.1 which implements assignment by roles via SAML2. For Azure you can simply apply the Azure template in the config. The roles can be set in Azure by assigning app roles to users or groups in the application

silviokennecke commented 8 months ago

We just released 6.0.0, which includes this feature for SAML2 and OIDC based providers