dsmrt
commented
5 years ago Hi @BenParizek!
SAML SSO can be confusing so I totally respect your questions!
Although I have noticed that ADFS is pickier than other providers I've worked with, it should work fine with the plugin. Custom/special attributes and events are supported but there are some changes in the works for the plugin's 2.0 version: https://github.com/flipboxfactory/saml-sp/tree/feature/2.0
Those changes in 2.0 will change the way you extend and hook into the plugin. Feel free to check that branch out. It's pretty stable at this point, I just need to release it and make sure upgrades will work ok.
ACLs aren't supported but you can use groups to help translate permissions. For example, when a users attributes are passed along to Craft, the plugin can automatically set the user to that matching group (in Craft) and even create that group if it doesn't exist. From there, you manage the permission separately.
BenParizek
dmatthams
Hi Folks, I'm definitely out of my comfort zone on this topic and trying to understand if this plugin may be a good fit for a project we have, or if it might be able to be extended or customized to this use case. It's quite possible I will misuse or misunderstand a term I am using in the following questions, so please just ask for clarification if I'm not making any sense.
We have a client who is moving to ADFS. Would this plugin be able to help us connect to ADFS? They also mentioned that some integrations they have connect to Azure/Active Directory Direct Connect, but that sounded like it may be a bit more involved as an option.
Once connected, are there any special attributes that have to be passed? Can we get back info on ACLs and other content?