Closed valentingoebel closed 2 years ago
Any news on this issue? I'm trying to access properties from samltest.id, e.g. "uid", which is mapped in the "application.yml":

```yaml
grails:
    plugin:
        springsecurity:
            saml:
                userAttributeMappings:
                    uid: 'urn:oid:0.9.2342.19200300.100.1.1'
```

I also need to add `String uid` to the properties of "com.jeffwils.UserAcct" or the app won't start, but I have no idea how to access the "uid" after the user is logged in.
EDIT: Is it possible that the line `grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.jeffwils.UserAcct'` in "application.groovy" is not working?
Start by reading the documentation of the spring security core plugin. https://grails-plugins.github.io/grails-spring-security-core/4.0.x/index.html#userDetailsService
You have to provide your own UserDetailsService and also your own subclass of GrailsUser. If you are using the grails-spring-security-saml plugin your UserDetailsService has to extend SpringSamlUserDetailsService and override the createUserDetails method.
There is a PR that I forgot to merge that offers a simpler solution. I will add it to the next release if it does not break backwards compatibility.
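The steps above (own GrailsUser subclass, own UserDetailsService extending SpringSamlUserDetailsService, createUserDetails overridden) worked through as an added example. This is not code from the plugin or from anyone in this thread. Assumed, and to be checked against the plugin version you run: the package of SpringSamlUserDetailsService, the `createUserDetails(user, authorities)` signature inherited from GormUserDetailsService, and the `grailsApplication` property on the bean. The class names SamlUser and SamlUserDetailsService and the domain class UserAcct with a `uid` property are illustrative.

```groovy
// src/main/groovy/com/jeffwils/SamlUser.groovy and SamlUserDetailsService.groovy
// Added example, not the plugin's code. Assumptions are marked in comments.
package com.jeffwils

import grails.plugin.springsecurity.SpringSecurityUtils
import grails.plugin.springsecurity.userdetails.GrailsUser
import org.grails.plugin.springsecurity.saml.SpringSamlUserDetailsService // assumed package
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.userdetails.UserDetails

/** The principal: a GrailsUser that also carries the SAML 'uid' attribute. */
class SamlUser extends GrailsUser {
    final String uid

    SamlUser(String username, String password, boolean enabled, boolean accountNonExpired,
             boolean credentialsNonExpired, boolean accountNonLocked,
             Collection<GrantedAuthority> authorities, Object id, String uid) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired,
              accountNonLocked, authorities, id)
        this.uid = uid
    }
}

/**
 * Replaces the plugin's userDetailsService bean. By the time createUserDetails
 * runs, the plugin has already verified the SAML response and saved/updated the
 * domain object (including 'uid' via userAttributeMappings); the only job here
 * is to copy that extra field onto the principal instead of dropping it.
 */
class SamlUserDetailsService extends SpringSamlUserDetailsService {

    // Assumption: this is the hook loadUserBySAML() calls with the persisted
    // domain object and its granted authorities (see GormUserDetailsService).
    @Override
    protected UserDetails createUserDetails(user, Collection<GrantedAuthority> authorities) {
        def lookup = SpringSecurityUtils.securityConfig.userLookup

        String username = user."${lookup.usernamePropertyName}"
        // SAML users have no local password, and Spring's User constructor rejects
        // a null password, so substitute a placeholder that can never match.
        String password = user."${lookup.passwordPropertyName}" ?: 'N/A'
        boolean enabled         = user."${lookup.enabledPropertyName}"
        boolean accountExpired  = user."${lookup.accountExpiredPropertyName}"
        boolean accountLocked   = user."${lookup.accountLockedPropertyName}"
        boolean passwordExpired = user."${lookup.passwordExpiredPropertyName}"

        new SamlUser(username, password, enabled, !accountExpired, !passwordExpired,
                     !accountLocked, authorities, user.id, user.uid)
    }
}

// grails-app/conf/spring/resources.groovy
// Register the subclass under the bean name the SAML plugin uses and give it
// the same properties the plugin's own bean is wired with.
import com.jeffwils.SamlUserDetailsService
import grails.plugin.springsecurity.SpringSecurityUtils

beans = {
    def conf = SpringSecurityUtils.securityConfig
    userDetailsService(SamlUserDetailsService) {
        grailsApplication         = ref('grailsApplication') // assumed property on GormUserDetailsService
        userDomainClassName       = conf.userLookup.userDomainClassName
        samlUserGroupAttribute    = conf.saml.userGroupAttribute
        samlUserAttributeMappings = conf.saml.userAttributeMappings
    }
}
```

After login `springSecurityService.principal` is a `SamlUser`, so a controller reads the value as `springSecurityService.principal.uid`. The value is trustworthy only because the plugin checked the IdP's signature on the SAML response before it ever reached loadUserBySAML; keep it on the principal and do not fall back to reading it from a request parameter or cookie.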
Thank you very much Valentin. The link and pull request helped me to get the properties.
I just want to mention that I also needed to set these properties for my custom UserDetailsService to make it work:

```groovy
import grails.plugin.springsecurity.SpringSecurityUtils

// copy the plugin's configuration onto the custom bean
def conf = SpringSecurityUtils.securityConfig
myUserDetailsService.userDomainClassName       = conf.userLookup.userDomainClassName
myUserDetailsService.samlUserGroupAttribute    = conf.saml.userGroupAttribute
myUserDetailsService.samlUserAttributeMappings = conf.saml.userAttributeMappings
```
The SpringSamlUserDetailsService unfortunately doesn't pass on the information from the `User` class to the GrailsUser object, which you can conveniently access via `principal.username` inside controllers. There is a call to createUserDetails in SpringSamlUserDetailsService and, as you can see in its function definition, it only passes on a fixed set of attributes: GormUserDetailsService

There are two ways we can approach this issue: either we provide a `SamlUserDetails` class that is populated with the attributes (perhaps by overriding getProperty()), or the user provides his own UserDetails class and creates his own service that maps `User` to `UserDetails`. The latter is already possible but it is very inconvenient and requires the user to be familiar with the source code of this plugin. I strongly prefer the first option because it doesn't require any additional code.