Username or Email not updated from SAML. #15456

Closed
BarnumD opened this issue Sep 27, 2019 · 2 comments · Fixed by #17742

BarnumD commented Sep 27, 2019

Description:

This is similar to Issue #6481, and PR #14275. However, those did not quite fix the issue for me.
We have connected our SAML environment to Rocket.Chat to allow users to log in. However, the current configuration doesn't allow us to choose a globally unique and/or immutable identifier as primary ID (perhaps it's called Immutable field name) in Rocket.Chat. The latest implementation in #14275 allows you to choose between username and email for Immutable field name, but both of those can change at times - and should.

We have a staff ID that is unique across all of our organizations and I believe many other organizations would have this as well. This ID doesn't change even if someone gets married or changes their name. Is there a way to use that identifier to identify the Rocket.Chat user account?

Steps to reproduce:

  1. Sign in with SAML.
  2. Change your username or email in the SAML environment.
  3. Sign in with SAML.

Expected behavior:

A user should be tied to an immutable user ID. That field should be the Immutable field name. Username and email should update from the field taken from SAML. This is because usernames and emails are expected to change when a person changes their name or marries.

Actual behavior:

Right now, if I manually change both the username and email field to 'foo' and 'bar', only the field that is NOT in Immutable field name (whether username or email) updates from SAML to the correct value. I would expect the same thing to happen if I actually change my name in our personnel system which backs our SAML.

Server Setup Information:

  • Version of Rocket.Chat Server: 2.0.0
  • Operating System: Official Docker Container on Ubuntu
  • Deployment Method: Docker
  • Number of Running Instances: 1
  • DB Replicaset Oplog: unknown
  • NodeJS Version: unknown
  • MongoDB Version: 4.0

Additional context

One of my concerns is that I don't want our users to see other users' staff ID - especially when they type @ to look up a person. I would like that value to remain as the username.
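
The behaviour requested in this issue, as an added example that is not part of the original issue and is not Rocket.Chat's code: a toy in-memory model that links an account on an immutable SAML attribute held in a private field, refreshes username and email on every login, and keeps the identifier out of the public profile. The attribute name `staffId`, the `UserStore` class and the sample assertions are assumptions made for illustration.

```javascript
// Added illustration only; names and data below are hypothetical, not Rocket.Chat's.
class UserStore {
  constructor() {
    this.users = [];
  }

  // Find the account by the configured immutable attribute, create it on first
  // login, then overwrite the mutable profile fields from the assertion.
  loginWithAssertion(attrs, immutableField) {
    const key = attrs[immutableField];
    if (typeof key !== 'string' || key === '') {
      // Refuse to link when the identifier is missing instead of falling back
      // to a mutable field such as email.
      throw new Error(`assertion lacks attribute "${immutableField}"`);
    }
    let user = this.users.find(
      (u) => u.saml.field === immutableField && u.saml.value === key
    );
    if (!user) {
      user = { _id: `u${this.users.length + 1}`, saml: { field: immutableField, value: key } };
      this.users.push(user);
    }
    user.username = attrs.username;
    user.email = attrs.email;
    return user;
  }

  // What an @-mention lookup would expose: the linking identifier is not included.
  publicProfile(user) {
    return { _id: user._id, username: user.username };
  }
}

// Constructed sample assertions: the same person before and after a name change.
const before = { staffId: 'S-000123', username: 'jane.doe', email: 'jane.doe@example.org' };
const after = { staffId: 'S-000123', username: 'jane.smith', email: 'jane.smith@example.org' };

// Replays the issue's three reproduction steps against a fresh store.
function replay(immutableField) {
  const store = new UserStore();
  const first = store.loginWithAssertion(before, immutableField);
  const second = store.loginWithAssertion(after, immutableField);
  return {
    accounts: store.users.length,
    sameAccount: first._id === second._id,
    profile: store.publicProfile(second),
  };
}

console.log(replay('staffId'), replay('email'));
```

In this model, keying on `staffId` keeps one account whose username follows the identity provider, while keying on `email` produces a second record after the rename.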


Karreg commented Jan 26, 2021

@BarnumD was the issue fixed for you? This issue is closed with version 3.4, but I still can't choose any field other than email and username as the immutable field in version 3.10.
So I'm still facing this issue...
Also, field mapping is not working as expected... :/


BarnumD commented Jan 26, 2021

I don't currently have a Rocket.Chat instance running to test.
