Fix SAML login (#4037)

* after first login the user is read from the db and hence we need to inspect the `emailVerified` attribute as well.

* fixed mapping documentation for SAML, the current mapping is not right and is causing confusion
pull/4034/head^2
Deepak Prabhakara 2022-08-30 23:55:24 +05:30 committed by GitHub
parent ad8d0a4e77
commit 1a81459e28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 5 deletions


@ -18,10 +18,10 @@ This guide explains the settings you need to use to configure SAML with your Ide
**Mapping Attributes / Attribute Statements:** **Mapping Attributes / Attribute Statements:**
id -> user.id http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier -> id
email -> user.email http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -> email
firstName -> user.firstName http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname -> firstName
lastName -> user.lastName http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname -> lastName
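
Review bot: The new mapping rows put the claim URI on the left and a bare `id`, `email`, `firstName`, `lastName` on the right, but nothing in this hunk says which side of the arrow is entered at the Identity Provider and which is the field the application reads. The old rows had the same ambiguity in the other direction (`id -> user.id`), which is likely how the confusion mentioned in the commit message arose. Add one sentence above the list stating what the left and right columns mean, so an administrator does not configure the arrows in reverse.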


@ -328,7 +328,7 @@ export default NextAuth({
if (account.provider === "saml") { if (account.provider === "saml") {
idP = IdentityProvider.SAML; idP = IdentityProvider.SAML;
} }
user.email_verified = user.email_verified || profile.email_verified; user.email_verified = user.email_verified || user.emailVerified || profile.email_verified;
if (!user.email_verified) { if (!user.email_verified) {
return "/auth/error?error=unverified-email"; return "/auth/error?error=unverified-email";
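
Review bot: On the changed `user.email_verified = ...` line, three sources are OR-ed together without normalising the result, and the hunk does not show what type `user.emailVerified` has on a user read from the db. If that field is not a boolean, `user.email_verified` will carry its raw value, which passes the `!user.email_verified` check here but can surprise later code that compares against `true`; wrapping the expression in `Boolean(...)` would make the result unambiguous. The line also sits after the closing brace of the `if (account.provider === "saml")` block, so a stored `emailVerified` now satisfies the check for every provider, and `profile.email_verified` from the current login is no longer consulted once the stored flag is set. If that is intended, a short comment saying so would help the next reader of this callback.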