How to get SAML attributes?

[marcus-leonard]

I have a basic D7 module which piggybacks on D7's simplesamlphp_auth module and populates some values into some user profile fields. (Doesn't have any config UI, the attributes to get are hard-coded in the module.) It's based on https://www.drupal.org/node/2414567 but it doesn't work on Backdrop.

Could I please get some pointers on getting it to work? I'm tinkering with something like this, but not getting anything in the user fields. (SimpleSAMLphp shows attributes arriving from IdP.)

function simplesamlphp_auth_extra_user_presave($account) {
	if ($category == 'account') {
		global $_simplesamlphp_auth_saml_attributes;

		if (isset($_simplesamlphp_auth_saml_attributes['givenname'])) {
			$edit['field_first_name'][LANGUAGE_NONE][0]['value'] = $_simplesamlphp_auth_saml_attributes['givenname'];
		}
		// More attributes here...
	}
}

[laryn]

Do you see anything in the global $_simplesamlphp_auth_saml_attributes variable if you move that global to the top of the function, outside of that if statement? (In the code shown here, $category does not exist so you'll never pass that if logic.)

References that may be useful RE: $category being removed (inherited from early Drupal 8 development):

• https://docs.backdropcms.org/change-records/the-category-system-has-been-removed-from-user-edit-and-user-view
• https://docs.backdropcms.org/api/backdrop/core%21modules%21user%21user.api.php/function/hook_user_presave/1

[marcus-leonard]

I commented the $category lines:

function simplesamlphp_auth_extra_user_presave($account) {
	//if ($category == 'account') {
		global $_simplesamlphp_auth_saml_attributes;

		if (isset($_simplesamlphp_auth_saml_attributes['givenname']))
			$edit['field_first_name'][LANGUAGE_NONE][0]['value'] = $_simplesamlphp_auth_saml_attributes['givenname'];


	//}
}

But no luck.

I'm wondering about the switch from
function simplesamlphp_auth_extra_user_presave(&$edit, $account)
to
function simplesamlphp_auth_extra_user_presave($account)
( See https://docs.backdropcms.org/change-records/the-category-system-has-been-removed-from-user-edit-and-user-view)
That page seems to indicate hook_user_presave(&$edit, $account) is still a thing, but the hook_user_presave doc (https://docs.backdropcms.org/api/backdrop/core%21modules%21user%21user.api.php/function/hook_user_presave/1) only mentions the one parameter hook_user_presave($account).

Using devel to debug shows the saml attributes are all there. Just can't work out how to write them to the user fields.

[laryn]

@marcus-leonard
You'll need to test but the change should look something like this. Instead of:

$edit['field_first_name'][LANGUAGE_NONE][0]['value'] = $_simplesamlphp_auth_saml_attributes['givenname'];

I think you'll need to add it directly to the $account object:

$account->field_first_name[LANGUAGE_NONE][0]['value'] = $_simplesamlphp_auth_saml_attributes['givenname'];

I think that you're right that one of those pages needs updating to remove &$edit from the hook. Would you be willing to file an issue here? https://github.com/backdrop-ops/docs.backdropcms.org/issues

[laryn]

@marcus-leonard I filed this issue: backdrop-ops/docs.backdropcms.org#224

[marcus-leonard]

@laryn thank you! That's done it.
Thanks for filing the issue (very different timezone here).

Assuming this is ok to close.

[laryn]

@marcus-leonard I merged a bunch of commits today -- are you able to test the latest dev version? I'd like to get a few other people doing tests on their ends before I make the next release.

[marcus-leonard]

@laryn Yes, will do and let you know.

[marcus-leonard]

@laryn To start with, admin UI and login behaviour are OK. Login, logout, working fine.

I'm not having much luck with the module's block. I add it to a layout and set a visibility condition for =user/login= but it shows everywhere. I tell it have no title but it does anyway. I'm not very familiar with layouts yet, so I could be missing something, and I've always done a custom block for the SAML login (on Drupal) in the past, because I've got more control over how it looks.

I'm getting an error that I doubt is being caused by simplesamlphp_auth but I'll note it here just in case. If I edit a profile field, I get two messages

• (red cross) "Notice: Undefined index: pass in user_profile_form_submit() (line 376 of /srv/www/profess/backdrop/core/modules/user/user.pages.inc)."
• (green tick) "The changes have been saved."

This seems like a core bug(?), but this site is Bd 1.23.0 so I should probably update and see if it persists.

Anyway, apart from the block issues (which could be me), SAML login functionality seems fine and it's passing the attributes to my helper module.

[laryn]

@marcus-leonard That block issue sounds like maybe a layouts configuration misunderstanding. Is it perhaps added to multiple layouts (with configuration such as title differently set on different layouts)?

On the password notice, I wonder if it could related to these settings:

Maybe worth opening a new issue in this module's issue queue if you do some testing and think it's related to those.