Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Provide IdpAuthenticator that checks email domains #166

Open
1 task done
sventorben opened this issue Mar 11, 2023 · 0 comments
Open
1 task done

[Feature] Provide IdpAuthenticator that checks email domains #166

sventorben opened this issue Mar 11, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@sventorben
Copy link
Owner

Is there an existing feature request for this?

  • I have searched the existing issues

Is your feature related to a problem? Please describe.

When users register through an identity provider with a managed domain, I would like to ensure that only users with an email domain equal to the configured domain can regsiter via the idp.

Describe the solution you'd like

Implement an AbstractIdpAuthenticator that checks if domains match:

  • Load IdentityProviderConfigModel with identityProviderId from SerializedBrokeredIdentityContext
  • Wrap the ConfigModel in an IdentityProviderModelConfig
  • Read domains from the IdentityProviderModelConfig and match with user email from SerializedBrokeredIdentityContext
  • Use DomainExtractor (how to get the config of the HIdPD Authenticator`?)

Describe alternatives you've considered

No response

Anything else?

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sventorben