utexas / utexas_saml_auth_helper
This is a Drupal module that provides UTexas-focused UI tweaks to the contributed samlauth module.
Installs: 145 637
Dependents: 2
Suggesters: 0
Security: 0
Stars: 1
Watchers: 3
Forks: 0
Type:drupal-custom-module
Requires
- drupal/samlauth: 3.11.0
This package is auto-updated.
Last update: 2025-03-27 15:11:03 UTC
README
This is a Drupal module that provides UTexas-focused UI tweaks to the contributed samlauth module.
End-user documentation can be found at https://drupalkit.its.utexas.edu/docs/
List of behaviors
- Declares a dependency on the samlauth module, causing that module and its dependency
externalauth
to be enabled when this module is enabled. - Includes configuration defaults for:
utexas_saml_auth_helper_iid_domain: eid.utexas.edu
mail_body
-- The rewritten "account created" email bodymail_subject
-- The rewritten "account created" email subject
- Set user account creation password form element to #access=FALSE and #required=FALSE.
- Disable editing the username for already-created accounts.
- Set email form element to #disabled=TRUE and #required=FALSE.
- Add custom validation that will:
- Confirm the name entered is a valid EID
- The regex expression from the Drupal 7 module should be reused for this.
- Set email to EID + "@" +
utexas_saml_auth_helper_iid_domain
configuration setting.
- Confirm the name entered is a valid EID
- Set required configuration for OneLogin library and disable editing of form fields
- Define a drush command for converting all eligible users to SAML login. With the switch from
simplesamlphp_auth
tosamlauth
, this is effectively outdated, assamlauth
will automatically convert eligible user accounts that already exist in the system. - If the
samlauth
module is enabled, redirect the legacy simplesamlphp_auth/saml_login
path to/saml/login
Configuring SAML user roles
The module samlauth
includes a sub-module, samlauth_user_roles
for assigning Drupal roles to users based on affiliations provided by the Identity Provider (IdP).
This form is located at admin/config/people/saml/user-roles
- For "SAML Attribute", enter
urn:mace:dir:attribute-def:utexasEduPersonAffiliation
- For "Separator", enter
|
- For value conversions, enter in the following format. To automatically grant the
Content Editor
role to users with thestaff-current
affiliation, enterstaff-current|Content editor
. A complete converion example fromsimplesamlphp_auth
tosamlauth
forpharmacy-intranet
is shown below:
simplesamlphp_auth syntax
faculty_staff:urn:mace:dir:attribute-def:utexasEduPersonAffiliation,=,faculty-future;urn:mace:dir:attribute-def:utexasEduPersonAffiliation,=,faculty-current;urn:mace:dir:attribute-def:utexasEduPersonAffiliation,=,staff-future;urn:mace:dir:attribute-def:utexasEduPersonAffiliation,=,staff-current
samlauth syntax
faculty-future|Faculty/Staff
faculty-current|Faculty/Staff
staff-future|Faculty/Staff
staff-current|Faculty/Staff