empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8bcf9b6f83
fleet/tools/saml/users.php
Lucas Manuel Rodriguez 6acb567ade
Accept and ignore SSO role attributes with null value (#11959) 
#10878

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-05-30 16:57:03 -03:00

68 lines
3.1 KiB
PHP
Raw Blame History

<?php
$config = array(
'admin' => array(
'core:AdminPassword',
),
'example-userpass' => array(
'exampleauth:UserPass',
// username: sso_user
// password: user123#
'sso_user:user123#' => array(
'uid' => array('1'),
'eduPersonAffiliation' => array('group1'),
'displayname' => array('SSO User 1'),
'email' => 'sso_user@example.com',
),
'sso_user2:user123#' => array(
'uid' => array('2'),
'eduPersonAffiliation' => array('group1'),
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name' => array('SSO User 2'),
'email' => 'sso_user2@example.com',
),
// sso_user_3_global_admin has FLEET_JIT_USER_ROLE_GLOBAL attribute to be added as global admin.
'sso_user_3_global_admin:user123#' => array(
'uid' => array('3'),
'eduPersonAffiliation' => array('group1'),
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name' => array('SSO User 3'),
'email' => 'sso_user_3_global_admin@example.com',
'FLEET_JIT_USER_ROLE_GLOBAL' => 'admin',
),
// sso_user_4_team_maintainer has FLEET_JIT_USER_ROLE_TEAM_1 attribute to be added as maintainer
// of team with ID 1, its login will fail if team with ID 1 doesn't exist.
'sso_user_4_team_maintainer:user123#' => array(
'uid' => array('4'),
'eduPersonAffiliation' => array('group1'),
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name' => array('SSO User 4'),
'email' => 'sso_user_4_team_maintainer@example.com',
'FLEET_JIT_USER_ROLE_TEAM_1' => 'maintainer',
),
// sso_user_5_team_admin has FLEET_JIT_USER_ROLE_TEAM_1 attribute to be added as admin
// of team with ID 1, its login will fail if team with ID 1 doesn't exist.
// It also sets FLEET_JIT_USER_ROLE_GLOBAL and FLEET_JIT_USER_ROLE_TEAM_2 to `null` which means
// Fleet will ignore such fields.
'sso_user_5_team_admin:user123#' => array(
'uid' => array('5'),
'eduPersonAffiliation' => array('group1'),
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name' => array('SSO User 5'),
'email' => 'sso_user_5_team_admin@example.com',
'FLEET_JIT_USER_ROLE_TEAM_1' => 'admin',
'FLEET_JIT_USER_ROLE_GLOBAL' => 'null',
'FLEET_JIT_USER_ROLE_TEAM_2' => 'null',
),
// sso_user_6_global_observer has all FLEET_JIT_USER_ROLE_* attributes set to null, so it
// will be added as global observer (default).
'sso_user_6_global_observer:user123#' => array(
'uid' => array('6'),
'eduPersonAffiliation' => array('group1'),
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name' => array('SSO User 6'),
'email' => 'sso_user_6_global_observer@example.com',
'FLEET_JIT_USER_ROLE_GLOBAL' => 'null',
'FLEET_JIT_USER_ROLE_TEAM_1' => 'null',
),
),
);
Reference in New Issue View Git Blame Copy Permalink