Merge pull request #26 from jaredhendrickson13/fix/populate-saml-grou…

…p-privs-as-user-privs fix: populate saml group privs in get_user_privileges()
jaredhendrickson13 · Oct 19, 2023 · 61eb184 · 61eb184
2 parents 091ef50 + 2415d30
commit 61eb184
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/overrides/2.7.0-RELEASE/auth.inc b/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/overrides/2.7.0-RELEASE/auth.inc
@@ -380,6 +380,13 @@ function get_user_privileges(& $user) {
         }
     }
 
+    # Added by pfSense-pkg-saml2-auth - set SAML2 user's group assignments as specified by the SAML2 assertion
+    if ($_SESSION["authsource"] === "SAML2") {
+        require_once("saml2_auth/SAML2Auth.inc");
+        $pkg_conf = SAML2Auth::get_package_config()[1];
+        $allowed_groups = $_SESSION["saml2_user_data"][$pkg_conf["idp_groups_attribute"]];
+    }
+
     if (empty($allowed_groups)) {
         $allowed_groups = local_user_get_groups($user, true);
     }
@@ -2496,4 +2503,4 @@ EOD;
     @file_put_contents("/etc/pam.d/system", $header . $pam_system);
     @file_put_contents("/etc/nsswitch.conf", $header . $nsswitch);
 }
-?>
+?>