Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-105169

As an Instance Administrator, I want to configure the user profile attributes that can be updated from the SAML assertion when a user logs into the system

    Details

    • Sprint:
      AppSec Iteration 54, AppSec Iteration 55, AppSec Iteration 56, AppSec Iteration 57, AppSec Iteration 58, AppSec Iteration 59, AppSec Iteration 60, AppSec Iteration 61, AppSec Iteration 62, AppSec Iteration 63, AppSec Iteration 64, AppSec Iteration 65, AppSec Iteration 66, AppSec Iteration 67, AppSec Iteration 68, AppSec Iteration 69, AppSec Iteration 70

      Description

      Description

      The Attribute Mapping field of the SAML provider settings can have arbitrary entries in the mapping with verifications on portal side attributes. The values of the given SAML provider asserts will be saved to the appropriate portal User attribute values at synchronization when the user signs in. There will be a separated field for the User attributes like it is working in LDAP configuration already.

      The followings can be a later considerations:

      1. To create custom fields for the the basic fields, that can be managed in the Attribute Mapping field already.
      2. To have some notification to Instance Administrator if there is an exception at creating the portal User. For example in case of invalid values for any of the fields.

      Acceptance Criteria

      Same as the AC of LPS-105170.

      1. As an Instance Administrator, I want to set portal User attribute from a predefined list to SAML assert mapping at the SAML provider settings according to which the assertion values are saved as portal User attribute values.
      2. As an Instance Administrator, I want to have a verification at saving the SAML provider settings which checks the portal User attributes if they are existing portal User attributes. (Note: in the current implementation there is no way to send a non-existing attribute as the attributes can be chosen from a predefined list. However, it may be possible to do that in a hacky way so we may need the protection on server side.)
      3. As an Instance Administrator, I want to have a verification at saving the SAML provider settings which checks for duplicated portal User attributes in the mapping.
      4. As an End User, I want my data in IdP synced to my portal user when I sign in.
      5. As an Instance Administrator, I want to be able to have the previous way of working as default working after an upgrade.
      6. As an Instance Administrator, I want to be able to continue using the previous way of working after an upgrade.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              stian.sigvartsen Stian Sigvartsen
              Reporter:
              zsigmond.rab Zsigmond Rab
              Engineering Assignee:
              Stian Sigvartsen
              Recent user:
              Nóra Szél
              Participants of an Issue:
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  Master