Support » Plugin: Shibboleth » Role based on Null value

  • Resolved timmmmyboy

    (@timmmmyboy)


    I have a use case where an org wants to set a subscriber role if a particular header has an empty attribute. The header could have several different values assigned to it and all of those would be fine to get the default role but if the header value is empty they’d like the user’s role to be subscriber. Is that something that could work with the current plugin or something I could make minor modifications to work?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Jonathan Champ

    (@jrchamp)

    There’s two easy options that come to mind:

    1. If all users have the header, then you can set the default role to subscriber.
    2. If only some users have the header, it seems weird for empty to be a valid value. You may want to replace the empty value with a special, made up value like “__empty__” and then use that fake value in the Shibboleth plugin configuration. That way you don’t have to modify the Shibboleth plugin and just need to add a custom function hook that checks for empty:

    if (isset($_SERVER['myShibHeader']) && $_SERVER['myShibHeader'] === '') {
      $_SERVER['myShibHeader'] = '__empty__';
    }

    It’s definitely a bit of an odd scenario for sure. #1 wouldn’t work because we actually do want the default value for the majority of users to be Author. We are trying to target a subset of users that won’t have access to the system (essentially graduates, terminations, and retirees at a school). Because there are different potential headers and values for various scenarios they figured the easiest way was rather than try to do multiple values (which I know isn’t supported and there were many values anyway) to just say “if this header has no value they are a subscriber, otherwise proceed as normal”. So to be clear all users will have this header passed to us, but a small portion may have it be an empty value and those are the ones we want to take action on both on first login as well as checking and updating the role based on that information. #2 sounds like it could work in that scenario so I’m going to give that a try. Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Role based on Null value’ is closed to new replies.