We use DexIDP with SAML (ADFS) to connect with OAuth2 / OpenID Connect applications because Microsoft has a custom version of OpenID Connect built into ADFS that almost nothing supports.
Because of the ADFS -> DexIDP setup, we are limited in the values we can send from Dex to your plugin. These shortcomings may exist in other "generic" providers as well, but I'm unaware.
Dex is essentially sending only 2 usable values: `name` and `email`. Your plugin will use the `name` field as the GLPI username; however, in this situation `name` comes across more as a displayName, which means it looks like "John Doe" - GLPI cannot use spaces in the username. However, my email field is unique, so that is appropriate to use as a login field.
Additionally, because Dex is not sending over a separate displayName or first_name / last_name attributes, the only way to get those is from the `name` attribute.
To solve both of those problems, I created options to use the email address as the username when creating a new user, and I added an option to split the name field into the first and last name.
This PR does not change any existing functionality, just adds new functionality to satisfy new use cases.
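The mapping this pull request describes, sketched as an added example (not the plugin's code). The function name, the two option flags and the output keys are hypothetical; splitting at the first whitespace and lowercasing the email are assumptions.

```php
<?php
// Added example: map the two claims Dex sends (name, email) to user fields.
// $useEmailAsLogin and $splitName stand in for the two new options (hypothetical names).
function map_claims_to_user(array $claims, bool $useEmailAsLogin, bool $splitName): array
{
    $name  = trim((string)($claims['name'] ?? ''));
    $email = trim((string)($claims['email'] ?? ''));

    if ($useEmailAsLogin) {
        // The email becomes the account identifier, so refuse anything malformed.
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('email claim missing or malformed');
        }
        $login = strtolower($email); // assumption: treat logins case-insensitively
    } else {
        $login = $name;
    }

    // A display name such as "John Doe" is not a usable login: fail closed
    // instead of silently creating an account with a mangled username.
    if ($login === '' || preg_match('/\s/', $login) === 1) {
        throw new InvalidArgumentException('login is empty or contains whitespace');
    }

    $user = ['login' => $login, 'email' => $email, 'firstname' => '', 'lastname' => ''];

    if ($splitName && $name !== '') {
        // Assumption: first token is the first name, the remainder the last name.
        // A single-word name yields an empty last name.
        [$first, $last] = array_pad(preg_split('/\s+/', $name, 2), 2, '');
        $user['firstname'] = $first;
        $user['lastname']  = $last;
    }
    return $user;
}

// Constructed sample claims, shaped like the two values described above.
$claims = ['name' => 'John Doe', 'email' => 'John.Doe@example.org'];
var_export(map_claims_to_user($claims, true, true));

// With both options off, the display name is rejected as a login.
try {
    map_claims_to_user($claims, false, false);
} catch (InvalidArgumentException $e) {
    echo "\nrejected: ", $e->getMessage(), "\n";
}
```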