derricksmith / phpsaml

GLPI Plugin - SAML integration using the Onelogin SAML Library
MIT License

JIT is not applying Authorizations assignment rules #97

Closed DonutsNL closed 3 months ago

DonutsNL commented 2 years ago

Currently the JIT is ignoring the Authorizations assignment rules and will create the user using GLPI default rules in the root entity with the default profile.

LDAP rules are just that, designed for LDAP sync.

DonutsNL commented 2 years ago

applyRightRules requires some LDAP specifics. Going to do some tests to see if this method is usable.

derricksmith commented 2 years ago

Thanks for your work on this one!

Ketchup31 commented 2 years ago

Also interested in this feature. Thank you for the great job and support!!!

DonutsNL commented 2 years ago

There is some documentation but it's not up to date. https://glpi-developer-documentation.readthedocs.io/en/master/devapi/rules.html

I am in the process of applying these rules and backwards engineering a bit 😅

Ketchup31 commented 2 years ago

Ok .. We believe in you 🤞 Thank you

DonutsNL commented 2 years ago

Update: It's kinda frustrating.

I have the rules interface working but it's not matching the criteria correctly and is not updating the user object as a result.

@derricksmith is it OK to upload the sources for the rules engine? I think I can use some help in getting the created rules to match. Testing the rule in the interface works as expected. The update will introduce a rules conf option that allows rules to be created in a saml sub_type.

derricksmith commented 1 year ago

I'm not super familiar with the rules workflow. Can you create a PR so I can see what you want to add?

derricksmith commented 1 year ago

I created a branch called Rules Engine. If it's easier for you, just send the files over to derricksmith01@msn.com and I'll upload to the branch.

DonutsNL commented 1 year ago

Created a pull request with the changes made: https://github.com/derricksmith/phpsaml/pull/116

It's possible to create PHPSaml rules in the GLPI interface.

I created a test script in the branch to test these rules. It reports that the rule is matched correctly and it is applying the rules.

The problem is that the rules are in fact not applied (when validating).

No error is generated. I was about to start tracing the database for update statements and see what (if anything) is happening.

DonutsNL commented 1 year ago

As I expected, it is not performing the update action. I'm not sure why.

DonutsNL commented 1 year ago

A hook is performed on the plugin's ruleright.class.php method executeActions($output, $params, array $input = []) { }; it seems that we need to implement the updates ourselves.

DonutsNL commented 1 year ago

@derricksmith, I am sure I am missing something important 😅

The rules that need to be applied are getting lost during the 'doHook()' that's being called in the rule.php->process method. See debug trace screenshots below.

Any ideas?

Arguments are not passed by reference here.

Not a work-around for this specific implementation, the return values are not captured by the calling method and are lost. See next screen. Not sure where the PLUGIN_HOOKS are populated and why the expected values seem to be missing from the array.

LaurDaniel commented 11 months ago

Hi @DonutsNL, did you find a solution for this? Thanks!