Closed dcr31000 closed 1 year ago
@dcr31000 hi.
You can look for User Checkers e.g. The checkPreAuth
method will be called after handling of SamlResponse and before user authentication, so you could check the user email and throw an appropriate exception if it needed (see available exceptions).
@a-menshchikov seems to be what I need, thanks
Do you know how I can see from wich idp the user is from ? For example, I would like to authorize emails as "@idp1.com" for idp1 and "@idp2.com" for idp2 etc.
I can only suggest you to pass something helpful in the SAML response attributes. There is no way to pass the IdP name to the user properties.
@dcr31000 you can also use Nbgrp\OneloginSamlBundle\Idp\IdpResolverInterface::resolve
which resolve the IdP name from incoming request.
Hi,
I'm using nbgrp/onelogin-saml-bundle with multiple idP. Users are mapped and logged by email.
I would like to restrict sign in and login only for email like "@company-idp-name.com".
Could you please help me to do this ?
Thanks