Uploaded image for project: 'UX Product'
  1. UX Product
  2. UXPROD-2444

Login authorization attribute for SAML-based SSO

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open (View Workflow)
    • Priority: TBD
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Template:
      UXPROD features
    • Potential Workaround:
      Continue to rely on an absence of FOLIO permissions.
    • Development Team:
      None
    • Calculated Total Rank:
      15
    • PO Rank:
      0
    • Rank: Chalmers (Impl Aut 2019):
      R3
    • Rank: Chicago (MVP Sum 2020):
      R3
    • Rank: Cornell (Full Sum 2021):
      R4
    • Rank: Duke (Full Sum 2021):
      R4
    • Rank: 5Colleges (Full Jul 2021):
      R4
    • Rank: GBV (MVP Sum 2020):
      R4
    • Rank: MO State (MVP June 2020):
      R4
    • Rank: TAMU (MVP Jan 2021):
      R3
    • Rank: U of AL (MVP Oct 2020):
      R4

      Description

      Overview:
      Allow each tenant to define a SAML attribute that is required for login authorization.
      If the SAML-based login at the SSO server is successful but the attribute is missing mod-login-saml rejects the login into FOLIO.

      Additional Information:
      Currently, mod-login-saml checks only for SAML authorization. That means anyone with campus SSO credentials can log in, and we rely on a lack of FOLIO permissions to prevent any activity. Better to simply not allow login if a user is unauthorized. In a SAML SSO environment, that would be done by checking for an attribute that explicitly grants login authorization.

      URL:
      Interested parties:

        TestRail: Results

          Attachments

            Activity

              People

              Assignee:
              tod Tod Olson
              Reporter:
              tod Tod Olson
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:

                  TestRail: Runs

                    TestRail: Cases