Events
There are events within the plugin that developers can hook into.
# List
Modify AuthNRequest message.
\flipbox\saml\sp\services\messages\AuthnRequest::EVENT_AFTER_MESSAGE_CREATED
Modify the user or the response before the user is synced with the SAML response attributes and saved.
\flipbox\saml\sp\services\Login::EVENT_BEFORE_RESPONSE_TO_USER
Modify the user after they've been synced with the SAML response attributes and saved.
\flipbox\saml\sp\services\Login::EVENT_AFTER_RESPONSE_TO_USER
Modify where the user is redirected (the resulting value of the RelayState).
\flipbox\saml\sp\controllers\LoginController::EVENT_BEFORE_RELAYSTATE_REDIRECT
Modify the RelayState after it's created and before it's sent off to the IdP (to be returned back to the SP/Craft)
\flipbox\saml\sp\controllers\LoginController::EVENT_AFTER_RELAYSTATE_CREATION
# Examples
# Assign User to a User Group Based on a Property
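// Decide which user groups are assigned to a user during SAML login.
Event::on(
    \flipbox\saml\sp\services\login\UserGroups::class,
    \flipbox\saml\sp\services\login\UserGroups::EVENT_BEFORE_USER_GROUP_ASSIGN,
    // $myService is a fictional service. A PHP closure only sees outer variables
    // that it captures with `use`, so it has to be passed in explicitly.
    function (\flipbox\saml\sp\events\UserGroupAssign $event) use ($myService) {
        /** @var \craft\elements\User $user */
        $user = $event->user;
        /** @var \craft\models\UserGroup[] $existingGroups */
        $existingGroups = $event->existingGroups;
        /** @var \craft\models\UserGroup[] $groupsFound */
        $groupsFound = $event->groupsFoundInAssertions;
        /** @var \SAML2\Response $response */
        $response = $event->response;

        // do what you need to do!
        // Group membership is an authorization decision. $groupsFound is derived
        // from the IdP's assertions, so map it through an explicit allowlist of
        // groups that SSO users may receive instead of trusting names as sent.

        // get a list/array of groups (*this is a fictional service and method*)
        /** @var \craft\models\UserGroup[] $groups */
        $groups = $myService->getGroups($user);

        // overwrite this property (these will be assigned to the user after event is run)
        $event->groupToBeAssigned = $groups;
    }
);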
OR
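// Alternative: add a group once the user has been synced with the SAML
// response attributes and saved.
Event::on(
    \flipbox\saml\sp\services\Login::class,
    \flipbox\saml\sp\services\Login::EVENT_AFTER_RESPONSE_TO_USER,
    function (\flipbox\saml\sp\events\UserLogin $event) {
        /** @var \craft\elements\User $user */
        $user = $event->user;
        // No $response variable exists inside this closure unless it is read
        // from the event, so fetch it before handing it to the helper below.
        $response = $event->response;

        // Get existing groups, keyed by id so a group is never listed twice
        $groups = [];
        foreach ($user->getGroups() as $existingGroup) {
            $groups[$existingGroup->id] = $existingGroup;
        }

        // Note: this is just an example but you can use your own logic here to
        // add users to groups as needed.

        // Custom/project logic to check if admin; if not, return (don't continue
        // and add the user to the groups).
        // NOTE(review): returning here leaves a previously assigned
        // 'myAdminGroup' membership untouched. If admin status can be revoked at
        // the IdP, remove the group in this branch instead of returning.
        if (! MyUserHelper::isAdminUser($user, $response)) {
            return;
        }

        // Get group by handle
        $adminGroup = \Craft::$app->getUserGroups()->getGroupByHandle('myAdminGroup');
        if ($adminGroup === null) {
            // The handle does not resolve to a group (renamed or deleted):
            // leave the user's groups as they are rather than failing on null.
            return;
        }

        // Add it to the group array
        $groups[$adminGroup->id] = $adminGroup;

        // Get an array of ids
        $groupIds = array_map(
            static function ($group) {
                return $group->id;
            },
            $groups
        );

        // Assign them to the user groups
        // Make sure to set all the groups the user needs to be associated with here.
        // If you want the users to have their existing groups still associated
        // re-add them (ie, [ ...existingGroupsIds, ...newGroupsIds])
        if (\Craft::$app->getUsers()->assignUserToGroups($user->id, $groupIds)) {
            /**
             * Set the groups back on the user just in case it's being used after this.
             *
             * There is some odd behavior here but this ensures the groups are set
             * in the local runtime cache on the user and they are set in the db.
             */
            $user->setGroups($groups);
        }
    }
);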
# Modify the Redirect After Successful Login
use flipbox\saml\sp\controllers\LoginController;
use flipbox\saml\sp\events\RelayState;
use yii\base\Event;
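// Adjust the post-login redirect target before the user is sent there.
Event::on(
    LoginController::class,
    LoginController::EVENT_BEFORE_RELAYSTATE_REDIRECT,
    function (RelayState $event) {
        // This value will be used to redirect the user.
        // Use '&' when the URL already carries a query string; a second '?'
        // would fold the marker into the value of the last existing parameter.
        $target = (string) $event->redirect;
        $separator = strpos($target, '?') === false ? '?' : '&';
        $event->redirect = $target . $separator . 'logged-in-via=sso';

        // NOTE(review): RelayState round-trips through the browser and the IdP,
        // so treat it and the redirect derived from it as untrusted. Confirm the
        // target is a URL on this site before redirecting (open-redirect risk),
        // and be aware that the raw value is written to the log as-is.
        \flipbox\saml\sp\Saml::info('Raw RelayState: ' . $event->relayState);
        \flipbox\saml\sp\Saml::info('User will be redirect to: ' . $event->redirect);

        // Other fun stuff in this event ...
        \flipbox\saml\sp\Saml::info('IdP: ' . $event->idp->getEntityId());
        \flipbox\saml\sp\Saml::info('SP: ' . $event->sp->getEntityId());
    }
);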