nbgrp / onelogin-saml-bundle

OneLogin SAML Symfony Bundle
BSD 3-Clause "New" or "Revised" License

Multiple idP: restrict email by format #35

Closed dcr31000 closed 1 year ago

dcr31000 commented 1 year ago

Hi,

I'm using nbgrp/onelogin-saml-bundle with multiple idP. Users are mapped and logged by email.

I would like to restrict sign in and login only for email like "@company-idp-name.com".

Could you please help me to do this?

Thanks

a-menshchikov commented 1 year ago

@dcr31000 hi. You can look at User Checkers, e.g. The checkPreAuth method will be called after handling of the SamlResponse and before user authentication, so you could check the user email and throw an appropriate exception if needed (see available exceptions).

dcr31000 commented 1 year ago

@a-menshchikov seems to be what I need, thanks

Do you know how I can see which IdP the user is from? For example, I would like to authorize emails as "@idp1.com" for idp1 and "@idp2.com" for idp2 etc.

a-menshchikov commented 1 year ago

I can only suggest that you pass something helpful in the SAML response attributes. There is no way to pass the IdP name to the user properties.

a-menshchikov commented 1 year ago

@dcr31000 you can also use Nbgrp\OneloginSamlBundle\Idp\IdpResolverInterface::resolve, which resolves the IdP name from the incoming request.
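Putting the two suggestions from this thread together (a Symfony user checker that rejects the user in checkPreAuth, and IdpResolverInterface::resolve to learn which IdP the response came from), here is an added example of such a checker. It is not code from the bundle or from either participant. It assumes that the application's User class exposes getEmail(), that the IdP names 'idp1' and 'idp2' match the keys configured for the bundle, and that IdpResolverInterface::resolve() takes the current Request and returns the resolved IdP name or null; the allowed-domain table is constructed sample data.

```php
<?php

declare(strict_types=1);

namespace App\Security;

use Nbgrp\OneloginSamlBundle\Idp\IdpResolverInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAccountStatusException;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * Rejects a SAML-authenticated user whose email domain does not belong to the
 * IdP that issued the response.
 *
 * Assumptions (hypothetical, not taken from the bundle's documentation):
 *  - the application User class has getEmail();
 *  - the IdP names in ALLOWED_DOMAINS match the names configured for the bundle;
 *  - IdpResolverInterface::resolve(Request) returns the IdP name or null.
 */
final class IdpEmailDomainChecker implements UserCheckerInterface
{
    /** IdP name => email domains allowed for that IdP (constructed example data). */
    private const ALLOWED_DOMAINS = [
        'idp1' => ['idp1.com'],
        'idp2' => ['idp2.com', 'idp2.example'],
    ];

    public function __construct(
        private readonly IdpResolverInterface $idpResolver,
        private readonly RequestStack $requestStack,
    ) {
    }

    public function checkPreAuth(UserInterface $user): void
    {
        // The checker is also invoked for non-SAML logins; only enforce for users that carry an email.
        if (!method_exists($user, 'getEmail')) {
            return;
        }

        $request = $this->requestStack->getCurrentRequest();
        $idpName = $request !== null ? $this->idpResolver->resolve($request) : null;

        if (!self::isEmailAllowedForIdp((string) $user->getEmail(), $idpName)) {
            // An AccountStatusException aborts authentication with a message safe to show to the user.
            throw new CustomUserMessageAccountStatusException(
                'This account is not permitted to sign in through the selected identity provider.'
            );
        }
    }

    public function checkPostAuth(UserInterface $user): void
    {
        // Nothing to verify after authentication.
    }

    /**
     * Pure decision function, static so it can be unit-tested without the container.
     * The domain comparison is case-insensitive and requires an exact match, so
     * "user@idp1.com.evil.example" and "user@sub.idp1.com" are both rejected, and an
     * unknown or unresolved IdP fails closed.
     */
    public static function isEmailAllowedForIdp(string $email, ?string $idpName): bool
    {
        if ($idpName === null || !isset(self::ALLOWED_DOMAINS[$idpName])) {
            return false; // unknown IdP: deny
        }

        $at = strrpos($email, '@');
        if ($at === false || $at === 0 || $at === strlen($email) - 1) {
            return false; // malformed address
        }

        $domain = strtolower(substr($email, $at + 1));

        return in_array($domain, self::ALLOWED_DOMAINS[$idpName], true);
    }
}
```

Register the class as the firewall's user checker in security.yaml (under the firewall entry: `user_checker: App\Security\IdpEmailDomainChecker`); with autowiring enabled, the IdpResolverInterface and RequestStack constructor arguments are injected automatically. The domain is taken from the last `@` and compared exactly rather than with a substring or suffix check, because a check like `str_ends_with($email, 'idp1.com')` would also accept `user@notidp1.com`.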