Allows customizing SAML attributes
Adds three environment variables:
 - GRIST_SAML_ATTR_FIRSTNAME
 - GRIST_SAML_ATTR_LASTNAME
 - GRIST_SAML_ATTR_EMAIL

so that the attributes coming from the IdP can be customized.

This allows a variety of IdPs to be used directly, including
ones from educational institutions with urn:oid (direct or aliased)
mclegrand committed Dec 17, 2024
1 parent 044f6c7 commit 4c0681f
Showing 1 changed file with 15 additions and 3 deletions.
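As an added example (not Grist's code and not part of this commit), the snippet below shows the attribute mapping the three variables describe, applied to a saml2-js style user object. It takes the attribute names as an explicit config object instead of reading the GRIST_SAML_ATTR_* environment variables, so it runs without environment access; the SamlUser/AttrConfig types, the buildProfile/firstValue names and the two sample users are constructed for illustration. It also handles the {Name: [Value]} array form that saml2-js uses for attributes and flags when the e-mail had to fall back to name_id.

```typescript
// Subset of the saml2-js "user" object: a few standard fields plus the raw
// attribute map, which has the form {Name: [Value, ...]}. Constructed for this example.
interface SamlUser {
  name_id: string;
  given_name?: string;
  surname?: string;
  email?: string;
  attributes?: Record<string, string[] | string>;
}

// Which assertion attributes carry each profile field. In Grist these would come
// from GRIST_SAML_ATTR_FIRSTNAME / _LASTNAME / _EMAIL; here they are passed in.
interface AttrConfig {
  firstName?: string;
  lastName?: string;
  email?: string;
}

// Defaults matching the names the commit uses when the variables are unset.
const DEFAULT_ATTRS: Required<AttrConfig> = { firstName: "FirstName", lastName: "LastName", email: "email" };

// First non-empty value of an attribute, or undefined. saml2-js delivers attributes
// as arrays even when single-valued, so indexing the map directly would hand an
// array (not a string) to whatever consumes the profile.
function firstValue(attrs: SamlUser["attributes"], name: string | undefined): string | undefined {
  if (!attrs || !name) return undefined;
  const raw = attrs[name];
  const values: string[] = Array.isArray(raw) ? raw : raw === undefined ? [] : [raw];
  const v = values.find((s) => typeof s === "string" && s.trim() !== "");
  return v === undefined ? undefined : v.trim();
}

interface Profile {
  email: string;
  name: string;
  // True when no e-mail was found and name_id was used as the account key instead.
  emailFromNameId: boolean;
}

// Mirrors the precedence in SamlConfig: saml2-js's mapped given_name/surname/email
// win, then the configured attribute, then (for email only) name_id.
function buildProfile(samlUser: SamlUser, cfg: AttrConfig = {}): Profile {
  const attrs: Required<AttrConfig> = { ...DEFAULT_ATTRS, ...cfg };
  const fname = samlUser.given_name || firstValue(samlUser.attributes, attrs.firstName) || "";
  const lname = samlUser.surname || firstValue(samlUser.attributes, attrs.lastName) || "";
  const email = samlUser.email || firstValue(samlUser.attributes, attrs.email);
  return {
    email: email || samlUser.name_id,
    name: `${fname} ${lname}`.trim(),
    emailFromNameId: !email,
  };
}

// Sample mapping for an IdP that releases LDAP/eduPerson attributes by OID.
// Standard OIDs: givenName 2.5.4.42, sn 2.5.4.4, mail 0.9.2342.19200300.100.1.3.
const EDU_PERSON_ATTRS: AttrConfig = {
  firstName: "urn:oid:2.5.4.42",
  lastName: "urn:oid:2.5.4.4",
  email: "urn:oid:0.9.2342.19200300.100.1.3",
};

// Constructed sample: what saml2-js would yield for such an IdP, which sets none of
// the given_name/surname/email shortcuts and releases a multi-valued mail attribute.
const SAMPLE_EDU_USER: SamlUser = {
  name_id: "AAdzZWNyZXQ-opaque-persistent-id",
  attributes: {
    "urn:oid:2.5.4.42": ["Ada"],
    "urn:oid:2.5.4.4": ["Lovelace"],
    "urn:oid:0.9.2342.19200300.100.1.3": ["ada@example.edu", "alovelace@example.edu"],
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": ["ada@example.edu"],
  },
};

// Constructed sample: an IdP that releases no e-mail attribute at all.
const SAMPLE_NO_EMAIL_USER: SamlUser = { name_id: "opaque-id-123", attributes: { FirstName: ["Bob"] } };
```

Running buildProfile(SAMPLE_EDU_USER, EDU_PERSON_ATTRS) yields "Ada Lovelace" and "ada@example.edu"; running it with the defaults against the same user finds none of the configured names and falls back to name_id, which emailFromNameId exposes so a deployment can log or reject that case rather than silently keying an account on an opaque identifier.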
18 changes: 15 additions & 3 deletions app/server/lib/SamlConfig.ts
@@ -32,6 +32,15 @@
* Comma-separated list of paths for certificates from identity provider, PEM format.
* env GRIST_SAML_IDP_UNENCRYPTED
* If set and non-empty, allow unencrypted assertions, relying on https for privacy.
* env GRIST_SAML_ATTR_FIRSTNAME
* If set and non-empty, determines the user's firstname attribute from the IdP response.
* e.g. "urn:oid:2.5.4.4"
* env GRIST_SAML_ATTR_LASTNAME
* If set and non-empty, determines the user's lastname attribute from the IdP response.
* e.g. "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
* env GRIST_SAML_ATTR_EMAIL
* If set and non-empty, determines the user's email attribute from the IdP response.
* e.g. "urn:oid:0.9.2342.19200300.100.1.3"
*
* This version of SamlConfig has been tested with Auth0 SAML IdP following the instructions
* at:
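Review bot: the example values in the new GRIST_SAML_ATTR_FIRSTNAME and GRIST_SAML_ATTR_LASTNAME comments do not match the attributes they are meant to illustrate. urn:oid:2.5.4.4 is the LDAP sn (surname) attribute, so it belongs under LASTNAME, and urn:oid:1.3.6.1.4.1.5923.1.1.1.6 is eduPersonPrincipalName, an identifier rather than a surname; givenName is urn:oid:2.5.4.42. An operator copying these examples gets first and last name swapped, or a principal name stored as the surname. Only the GRIST_SAML_ATTR_EMAIL example (urn:oid:0.9.2342.19200300.100.1.3, mail) is right. The comment should also state the defaults used when a variable is unset (FirstName, LastName and email in the code below) and that saml2-js's mapped given_name, surname and email, when present in the response, still take precedence over the configured attribute.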
@@ -181,9 +190,12 @@ export class SamlConfig {
// An example IdP response is at https://github.com/Clever/saml2#assert_response. Saml2-js
// maps some standard attributes as user.given_name, user.surname, which we use if
// available. Otherwise we use user.attributes which has the form {Name: [Value]}.
const fname = samlUser.given_name || samlUser.attributes.FirstName || '';
const lname = samlUser.surname || samlUser.attributes.LastName || '';
const email = samlUser.email || samlUser.name_id;
const firstNameAttribute = process.env.GRIST_SAML_ATTR_FIRSTNAME || 'FirstName';
const lastNameAttribute = process.env.GRIST_SAML_ATTR_LASTNAME || 'LastName';
const emailAttribute = process.env.GRIST_SAML_ATTR_EMAIL || 'email';
const fname = samlUser.given_name || samlUser.attributes[firstNameAttribute] || '';
const lname = samlUser.surname || samlUser.attributes[lastNameAttribute] || '';
const email = samlUser.email || samlUser.attributes[emailAttribute] || samlUser.name_id;
const profile = {
email,
name: `${fname} ${lname}`.trim(),
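Review bot: `samlUser.attributes[emailAttribute]` can hand an array to `email`, which before this change was always a string (samlUser.email or samlUser.name_id). The comment a few lines up says attributes has the form {Name: [Value]}, so the new fallback produces e.g. ['ada@example.edu'] rather than 'ada@example.edu'. For fname and lname this happens to survive the template interpolation (a one-element array stringifies to its element, though a multi-valued attribute would give 'a,b'), but profile.email is the account key and an array there will break any string handling downstream. Suggest selecting the first element explicitly, e.g. `const attr = (name: string) => samlUser.attributes?.[name]?.[0];`, and only then falling back to name_id. Note also that the default 'email' attribute is new behaviour: previously a missing samlUser.email fell straight through to name_id, and an IdP that releases an attribute literally named email now overrides that, which can change the identifier an existing deployment keys accounts on; that deserves a line in the commit message or the env var docs.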
