Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Storing extra attributes in custom user profile #395

Open
ahkumar opened this issue Jan 9, 2024 · 9 comments
Open

Storing extra attributes in custom user profile #395

ahkumar opened this issue Jan 9, 2024 · 9 comments

Comments

@ahkumar
Copy link

ahkumar commented Jan 9, 2024

Dear djangosaml2 team,

I have a user profile with additional attributes to store from saml assertions, my user profile model uses default django User model with onetoonefiled -> User(django.contrib.auth.models)

My understanding from the below reading of the documentation is, if the additional attributes to store are specified in SAML_ATTRIBUTE_MAPPING then djangosaml2 will attempt to store the same in my custom profile if those attributes are not found in the User model.

Could you please help me clarify if this is true or not? My attempt to try to store extra attributes to user profile has been unsuccessful hence the question.

=> https://djangosaml2.readthedocs.io/contents/setup.html#configuration >

....
If you are using Django user profile objects to store extra attributes about your user you can add those attributes to the SAML_ATTRIBUTE_MAPPING dictionary. For each (key, value) pair, djangosaml2 will try to store the attribute in the User model if there is a matching field in that model. Otherwise it will try to do the same with your profile custom model. For multi-valued attributes only the first value is assigned to the destination field.
...

Thanks!
@peppelinux
Copy link
Member

peppelinux commented Jan 9, 2024
edited

watch this

djangosaml2/djangosaml2/backends.py

Line 100 in fcee903

def _get_attribute_value(

the documentation means something like a custom user model (not the django one)

at the same time you can inherit the backend and configure it here
https://github.com/IdentityPython/djangosaml2/blob/fcee903dce5539bd179cf1b7b8fdc3cc592ee831/docs/source/contents/setup.rst#authentication-backend

and then with your code you can do whatever you want, otherwise you can define a saml user model as well, as you can read here

djangosaml2/djangosaml2/backends.py

Line 50 in fcee903

def _user_model(self):

all the way you read the backend file, you'll find the path that better fits your needs or taste.

Could I ask you to use your dev experience to provide some improvements to the current documentation once you have solved your problem? that would be for the people like me and you

thx!

@ahkumar
Copy link
Author

ahkumar commented Jan 9, 2024

@peppelinux thank you for prompt response. Sure I would be happy to provide any improvements to the documentation based on my understanding through my challenges. I do have my AUTHENTICATION_BACKENDS set as shown above and I have a working setup for basic auth and now trying to save additional attributes needed for my app.

My challenge has been, it appears that pre_user_save signals have be done away with from the code, based on some of the threads I read. Seemed easier to listen to the signal and update the attributes of my choice in my user profile model. My user profile model relies on django User model. May be there is reason for moving away from signals.

Given I am extending an already existing user profile and not writing my own, my choices are limited. And only option now seems to be to override with class ModifiedSaml2Backend(Saml2Backend): and _update_user to get access to saml attributes and save it using a methods from my use profile, a little more full example would help new users like me.

Unless you see there are other ways to communicate additional attributes elsewhere to other models?

Thanks!

@peppelinux
Copy link
Member

you can use the signals as well, sure, sorry for not having mentioned them

you have many way according to your tastes and design requirements

@ahkumar
Copy link
Author

ahkumar commented Jan 10, 2024

Great, thanks I will give it a try. That mention on signals is certainly missing from the documentation https://djangosaml2.readthedocs.io/index.html

@ahkumar
Copy link
Author

ahkumar commented Jan 12, 2024

@peppelinux BTW based on my digging support was removed for signals from the code. I see no corresponding sends for signals defined. Is that how you see it?

Thanks!

@peppelinux
Copy link
Member

https://github.com/IdentityPython/djangosaml2/blob/master/djangosaml2/signals.py

@ahkumar
Copy link
Author

ahkumar commented Jan 15, 2024

@peppelinux thx. It appears that signals file is just a skeleton without any part of the djangosaml2 code actually sending signals. Digging through further I stumbled upon #287. Here I see WiP from @DylannCordel were not incorporated.
@oliwarner post hook that was mentioned is certainly available for use. From my little experience post hook method certainly works and helpful. It wouldn't hurt having the signals working as well.

@peppelinux
Copy link
Member

software is often affected by its author's tastes and completely personal positions. This project rather wants to be driven by its community and personally I have used both signals and inheritance in this kind of problem and with success. I am therefore completely neutral and would like both possibilities to be used by those who use djangosaml2.

To do this I need contributors, people who request, develop and test the functionality. Following this we can make a release together

@ahkumar
Copy link
Author

ahkumar commented Jan 16, 2024

@peppelinux I will give @DylannCordel WiP a shot and see if I can validate that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peppelinux @ahkumar