Drupal SSO configuration fix

bseeger commented 3 years ago

The configuration in Drupal for the SSO login has the option to 're-evaluate roles every time a users logs in' set to enabled. That means that anything an admin does to a user's roles will be lost the next time the user logs in.

If we leave this option enabled, the system will have to know all SSO users a head of time to ensure that they are preconfigured in the known user list - with their role information all ready filled in. This method is very inflexible and will require dev help anytime a SSO user's role information needs to change, or a new user needs to be added. The better option is to turn off this ability and let the Admin/Global Admin adjust user roles as they see fit.

The (already approved/anticipated) way a new SSO user will get permissions will look like this: 1) user logs in via SSO and drupal creates an account for them. They will have no role assigned to them. 2) global admin / admin gives them a specific role w/in the system. 3) the user now has some admin capabilities.

Resolves https://github.com/jhu-idc/iDC-general/issues/434

FYI - this enables an unrelated test case that was shut off before because migration validation was not happening yet.