fix: example app deployment with saml login app

2023-11-02 18:32:37 +01:00
parent 8075071f22
commit 8fe8423071
31 changed files with 540 additions and 203 deletions
--- a/components/hydra-saml/files/hydra/saml.yaml
+++ b/components/hydra-saml/files/hydra/saml.yaml
@ -10,4 +10,21 @@ hydra:
      login_url: "%env(string:HYDRA_DISPATCHER_SAML_LOGIN_URL)%"
      consent_url: "%env(string:HYDRA_DISPATCHER_SAML_CONSENT_URL)%"
      logout_url: "%env(string:HYDRA_DISPATCHER_SAML_LOGOUT_URL)%"
-      attributes_rewrite_rules: []
+      attributes_rewrite_configuration:
+        uid:
+          rules:
+          - "property_exists(consent.session.id_token, 'uid') ? consent.session.id_token.uid : null"
+        email:
+          rules:
+          - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
+        eduPersonAffiliation:
+          rules:
+          - "property_exists(consent.session.id_token, 'eduPersonAffiliation') ? consent.session.id_token.eduPersonAffiliation : null"
+  firewall:
+    rules:
+      email:
+        required: false
+      uid:
+        required: false
+      eduPersonAffiliation:
+        required: false
--- a/components/hydra-saml/files/shibboleth-sp/attribute-map.inc.xml
+++ b/components/hydra-saml/files/shibboleth-sp/attribute-map.inc.xml
@ -0,0 +1,3 @@
+<Attribute name="uid" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" id="uid" />
+<Attribute name="eduPersonAffiliation" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" id="eduPersonAffiliation" />
+<Attribute name="email" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" id="email" />