mirror of https://github.com/MISP/MISP
chg: [shibbauth] added option to block organisation changes at login
- New ApacheShibbAuth.BlockOrgModifications setting added, defaults to false, boolean. If set to true, will block updates to the organisation of existing users on authentication. This preserves any modifications made by a site admin in MISP and is similar to ApacheShibbauth.BlockRoleModifications (same logic applied to role modifications).pull/7607/head
parent
e45245ec86
commit
4b74a0d342
|
@ -39,6 +39,7 @@ class ApacheShibbAuthenticate extends BaseAuthenticate
|
|||
* 'group_one' => 1,
|
||||
* ),
|
||||
* 'DefaultOrg' => 'MY_ORG',
|
||||
* 'BlockOrgModifications' => false // set to true if you wish for the user's organisation never to be updated during login. Especially useful if you manually change organisations in MISP
|
||||
* 'DefaultRole' => false // set to a specific value if you wish to hard-set users created via ApacheShibbAuth
|
||||
* 'BlockRoleModifications' => false // set to true if you wish for the roles never to be updated during login. Especially * // useful if you manually change roles in MISP
|
||||
* 'BlockOrgModifications' => false // set to true if you wish for the organizations never to be updated during login. Especially * // useful if you manually change orgs in MISP
|
||||
|
@ -70,6 +71,7 @@ class ApacheShibbAuthenticate extends BaseAuthenticate
|
|||
$roleId = -1;
|
||||
$org = Configure::read('ApacheShibbAuth.DefaultOrg');
|
||||
$useDefaultOrg = Configure::read('ApacheShibbAuth.UseDefaultOrg');
|
||||
$blockOrgModifications = Configure::check('ApacheShibbAuth.BlockOrgModifications') ? Configure::read('ApacheShibbAuth.BlockOrgModifications') : false;
|
||||
// Get tags from SSO config
|
||||
$mailTag = Configure::read('ApacheShibbAuth.MailTag');
|
||||
$orgTag = Configure::read('ApacheShibbAuth.OrgTag');
|
||||
|
|
Loading…
Reference in New Issue