Provide a web interface to configure field mapping on a per IdP-basis

[jpahullo]

Our context

We are using this great plugin in production just with a single active IdP. But we need in the short term to add additional IdPs.

The need

A web interface to manage user field mapping for each IdP independently.

Current workaround

As stated on https://github.com/catalyst/moodle-auth_saml2#auth-proc-filter-hooks, we have to implement these hooks extend_auth_saml2_proc() on any lib.php to support and customize different mappings from other IdP.

Actually, if you want to add several IdPs, with high provability, the settings and user field mapping would differ. So, when working with several IdP this is "a must".

The request

There are several ways we could affort it on the current plugin, I think:

1. Provide a new page for each IdP with its specific field mapping.
   1. It was already proposed on Allow IdP to have separate config settings including field mappings #804.
2. Provide a tab for each IdP on the main page. Not only show the current field mapping as it appears now, but with a new tab for each IdP on the list.
   1. It was my first idea, as it is addressed this way in several places on the Moodle core.

However, I would prefer option #804 so it is cleaner: main page contains the general settings, and then each IdP contains each specific settings, including user field mapping. Not tried. Just analysed the code from the PR.

I open this issue since, as a result of my research on the list of issues, there is no issue requesting this feature.

The million dollar question

Would you be interested on including this feature? Would PR #804 be a good starting point if not enough?

I would propose to my supervisors implement something more functional (not requiring re/implementing lib.php functions) for just setting the necessary configuration fields for each IdP on the web, so that any administrator could manage and keeping them properly. This kind of solution would be more sustainable from a programming point of view.

Thanks for this great plugin.

Jordi

[danmarsden]

my first question would be... can you test the PR in #804 and see if it meets your needs/post that feedback on the PR?

[jpahullo]

Hi @danmarsden ,

Good to read you again.

I like your proposal. In short we want to implement this feature.

Starting or not from the aforementioned PR, Dan, would you be interested on having such a funcionality on your plugin? I mean, would you be interested on providing a user field mapping indepenent and particular for each IdP on the list?

Knowing your answer would provide us more energy implementing this kind of solution, instead of implementing filter hooks.

Thanks a lot for this plugin.

PD: Seen last update on Moodle 4.5 ;-)

Jordi

[danmarsden]

we are definitely interested in merging that PR - it was completed by our EU team for a client.

Best thing for you to do would be to test it and see if it meets your needs and then give us some feedback on it.

[jpahullo]

Thanks @danmarsden for your feedback.

I will be back with some new details on this issue.

Thanks a lot!