Getting ready for IDP + SP work #174
…elescope, not yet configured to work together
One small thing, and this is ready to go.
We should probably also include a doc update to let people know what the username/passwords are, and give instructions about how to access the login app in development and testing.
config/simplesamlphp-users.php
Outdated
'email' => '[email protected]', | ||
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname' => 'Johannes', | ||
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname' => 'Kepler', | ||
'http://schemas.microsoft.com/identity/claims/displayname' => 'Johannes Kepler' |
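Review bot: the first line of this hunk uses a bare `email` key while the three lines after it use full claim URIs, so anything reading these attributes has to handle two naming schemes for the same user. Suggest giving the e-mail address a claim-URI key like the givenname, surname and displayname entries, so the simulated assertion has one consistent shape.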
We better add a few more claims, since we will need a username:
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "[email protected]",
"sAMAccountName": "username"
Give all 3 users unique usernames that match their email address.
Since you're creating this setup, you also get to name the users. If you want to immortalize yourself, now is your chance!
Should the email and name attributes have the same values? Our Seneca e-mail account should be used for both, right?
Also, perhaps I should ask, because I am not clear about it: what is sAMAccountName? From my searching, it seems to be an older username of the form domain\username, as opposed to the email-like [email protected] that we use now. Do we all have these? Are these created by default when an account is made using the prefix of the [email protected] users?
config/simplesamlphp-users.php
Outdated
NOTE: we add a bunch of claims that we expect to get back from Seneca, | ||
and need to simulate here. | ||
*/ | ||
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' => '[email protected]', |
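Review bot: the NOTE at the top of this hunk says the claims simulate what Seneca returns, but it does not say that these accounts are for development and testing only, or which claims the service provider depends on. Suggest extending the comment to state both, starting with the emailaddress claim on the last line, so it is clear which keys must stay in step with the real IdP.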
Change the email address to match the 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name' claim (same email in all claims). Do this for every account.
config/simplesamlphp-users.php
Outdated
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname' => 'Johannes', | ||
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname' => 'Kepler', | ||
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'=> '[email protected]', | ||
'sAMAccountName'=> 'HeresJohnny', |
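Review bot: the last two lines of this hunk write the name claim and `'sAMAccountName'=> 'HeresJohnny',` with no space before `=>`, unlike the givenname and surname lines above them. Suggest matching the spacing of the other entries so the attribute array reads uniformly.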
Seneca requires all lowercase, so let's use lowercase for this and email name portion. Same for all accounts.
… case and same email used for both name and email
I'm fine with this, but can you file another issue to add these users to our Prisma seed? We should probably create at least 2 of them in the db. We might want to leave one out, so we can test the first-run flow.
Small PR to add Samlify and the Simple SAML IDP exactly as it is in telescope, not yet configured to work together.
Closes #105