

Adapted to MOODLE_39_STABLE
vinolas committed Jun 10, 2021
1 parent 746d33b commit b8d362d
Showing 5 changed files with 79 additions and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -59,6 +59,7 @@ Features
* Automatic certificate creation
* Optionally auto create users
* Support for multiple identity providers
* Role mapping for admin, manager and course_creator system roles
* Idp initiated flow / IdP first flow / IdP unsolicited logins, eg:

http://idp.local/simplesaml/saml2/idp/SSOService.php?spentityid=http://moodle.local/auth/saml2/sp/metadata.php&RelayState=http://moodle.local/course/view.php?id=2
Expand All @@ -67,7 +68,6 @@ http://idp.local/simplesaml/saml2/idp/SSOService.php?spentityid=http://moodle.lo
Features not yet implemented:

* Enrolment - this should be an enrol plugin and not in an auth plugin
* Role mapping - not yet implemented

Branches
--------
3 changes: 3 additions & 0 deletions classes/auth.php
Expand Up @@ -687,6 +687,9 @@ public function saml_login_complete($attributes) {
set_config('siteadmins', implode(',', $admins));
}

// Synchronize IdP roles to moodle
sync_roles($user, $attributes, $this->config);

// Make sure all user data is fetched.
$user = get_complete_user_data('username', $user->username);

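Review bot: The new call `sync_roles($user, $attributes, $this->config);` targets a global function declared in locallib.php, and nothing in this hunk shows that file being required from classes/auth.php, so the call can fatal on a request where locallib.php has not already been loaded; it should also carry the plugin prefix (`auth_saml2_sync_roles(...)`), matching `auth_saml2_admin_nav` in locallib.php, because unprefixed global functions collide across plugins. The `set_config('siteadmins', implode(',', $admins));` line just above already maintains the site-admin list, so having the callee write the same config value a second time on the same login is worth consolidating into one writer. saml_login_complete starts before and continues past this hunk.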
10 changes: 10 additions & 0 deletions lang/en/auth_saml2.php
Expand Up @@ -218,3 +218,13 @@
$string['regeneratepath'] = 'Certificate path path: {$a}';
$string['regenerateheader'] = 'Regenerate Private Key and Certificate';
$string['regeneratesuccess'] = 'Private Key and Certificate successfully regenerated';

/*
* Role mapping
*/
$string['saml_role_map'] = "Role";
$string['saml_rolemapping'] = "Role Mapping";
$string['saml_rolemapping_head'] = "The IdP can use it's own roles. Set in this section the mapping between IdP and Moodle roles. Accepts multiple valued comma separated. Example: admin,owner,superuser.";
$string['saml_role_siteadmin_map'] = "Site administrators";
$string['saml_role_manager_map'] = "Manager";
$string['saml_role_coursecreator_map'] = "Course creator";
29 changes: 29 additions & 0 deletions locallib.php
Expand Up @@ -543,3 +543,32 @@ function auth_saml2_admin_nav($title, $url) {
$PAGE->set_heading(get_string('pluginname', 'auth_saml2') . ': ' . $title);
$PAGE->set_title(get_string('pluginname', 'auth_saml2') . ': ' . $title);
}

/**
* Map user roles from Roles array
*
*/
function sync_roles($user,$attributes,$config) {
global $CFG, $DB;

// Process siteadmin (special, they are stored at mdl_config)
if(in_array($config->saml_role_siteadmin_map,$attributes['Role'])){
$siteadmins = explode(',', $CFG->siteadmins);
if (!in_array($user->id, $siteadmins)) {
$siteadmins[] = $user->id;
$newAdmins = implode(',', $siteadmins);
set_config('siteadmins', $newAdmins);
}
}

// Process coursecreator and manager
$syscontext = context_system::instance();
if(in_array($config->saml_role_coursecreator_map,$attributes['Role'])){
$creatorrole = $DB->get_record('role', array('shortname'=>'coursecreator'), '*', MUST_EXIST);
role_assign($creatorrole->id, $user->id, $syscontext);
}
if (in_array($config->saml_role_manager_map, $attributes['Role'])) {
$managerrole = $DB->get_record('role', array('shortname'=>'manager'), '*', MUST_EXIST);
role_assign($managerrole->id, $user->id, $syscontext);
}
}
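Review bot: The site-admin branch on the `if(in_array($config->saml_role_siteadmin_map,$attributes['Role']))` line promotes a user to site administrator on a loose `in_array` with no check that the `Role` attribute was sent or that the mapping is non-empty, so a login without that attribute emits a warning (and throws a TypeError on PHP 8), and the default mapping value `''` is compared loosely against whatever the IdP returns; the coursecreator and manager checks below it share the same shape. The rewrite below reads the attribute once, returns early when it is absent, and routes all three checks through a strict, empty-safe helper. The attribute name stays hard-coded as `Role` even though this commit adds an `auth_saml2/field_map_role` setting, and roles are only ever granted here, never withdrawn when the IdP stops asserting them — both deserve a follow-up. The function also needs the plugin prefix (`auth_saml2_sync_roles`) like `auth_saml2_admin_nav` above it, since unprefixed global functions in locallib.php collide across plugins.
```php
function sync_roles($user, $attributes, $config) {
    global $CFG, $DB;

    // A login that carries no role attribute has nothing to map.
    $idproles = isset($attributes['Role']) && is_array($attributes['Role']) ? $attributes['Role'] : [];
    if (empty($idproles)) {
        return;
    }

    // An unset mapping must never match; compare strictly so only an exact attribute value grants the role.
    // Attribute values are presumably strings as delivered by the SP library — confirm.
    $hasrole = function ($mapping) use ($idproles) {
        return $mapping !== null && $mapping !== '' && in_array((string) $mapping, $idproles, true);
    };

    // Process siteadmin (special, they are stored at mdl_config)
    if ($hasrole($config->saml_role_siteadmin_map ?? '')) {
        // … unchanged: append $user->id to $CFG->siteadmins and set_config …
    }

    // Process coursecreator and manager
    $syscontext = context_system::instance();
    if ($hasrole($config->saml_role_coursecreator_map ?? '')) {
        // … unchanged: coursecreator role_assign …
    }
    if ($hasrole($config->saml_role_manager_map ?? '')) {
        // … unchanged: manager role_assign …
    }
}
```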
36 changes: 36 additions & 0 deletions settings.php
Expand Up @@ -298,6 +298,42 @@
$authplugin->get_ssp_version()
));

// Role mapping
$name = 'auth_saml2/field_map_role';
$title = get_string('saml_role_map', 'auth_saml2');
$description = '';
$default = '';
$setting = new admin_setting_configtext($name, $title, $description, $default, PARAM_ALPHANUMEXT);
$settings->add($setting);

$settings->add(
new admin_setting_heading(
'auth_saml2/saml_rolemapping',
new lang_string('saml_rolemapping', 'auth_saml2'),
new lang_string('saml_rolemapping_head', 'auth_saml2')
)
);

$name = 'auth_saml2/saml_role_siteadmin_map';
$title = get_string('saml_role_siteadmin_map', 'auth_saml2');
$description = '';
$default = '';
$setting = new admin_setting_configtext($name, $title, $description, $default, PARAM_ALPHANUMEXT);
$settings->add($setting);

$name = 'auth_saml2/saml_role_manager_map';
$title = get_string('saml_role_manager_map', 'auth_saml2');
$description = '';
$default = '';
$setting = new admin_setting_configtext($name, $title, $description, $default, PARAM_ALPHANUMEXT);
$settings->add($setting);

$name = 'auth_saml2/saml_role_coursecreator_map';
$title = get_string('saml_role_coursecreator_map', 'auth_saml2');
$description = '';
$default = '';
$setting = new admin_setting_configtext($name, $title, $description, $default, PARAM_ALPHANUMEXT);
$settings->add($setting);

// Display locking / mapping of profile fields.
$help = get_string('auth_updatelocal_expl', 'auth');
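Review bot: The help text shown on the new heading (`saml_rolemapping_head`, "Accepts multiple valued comma separated") promises comma-separated lists, but each mapping below it is declared with `PARAM_ALPHANUMEXT`, which does not admit commas, and the new sync_roles() in locallib.php compares the whole configured string against the attribute values; either clean with `PARAM_TEXT` and split on commas in the consumer, or drop the comma wording from the string. The `auth_saml2/field_map_role` setting at the top of the hunk is placed before the Role Mapping heading it belongs to, and nothing in this commit reads it, so it should move under the heading or wait until the attribute name is actually consumed. The site-admin mapping grants full administrative rights from an IdP-supplied value, so its `$description = '';` deserves a sentence stating exactly that rather than an empty string.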
