Additional Accreditation Step For SSO Users
Since 11.5.3
Connections via SAML2 or OAuth2 can create a new local user when one does not already exist.
It may be useful to create this user without immediately granting them access to the platform, so that the user first goes through a validation step.
In this case, it must be possible to inform users that their authentication succeeded, but that they must wait for an extra accreditation step before using the platform.
The procedure for this case is as follows:
In the user's automatic creation mappings or in a "before insert" trigger, the user's "activated" field must be set to "false".
When the identity server then returns a positive answer during the authentication procedure, an instance of "wsnoheto.engine.login.sso.UserDisabled" is added to the session under the attribute of the same name, "wsnoheto.engine.login.sso.UserDisabled".
This object (documented in the JavaDoc) gives access to the user object that was just created in an inactive state.
Use this session attribute in your login page to display information about the validation process the user should follow.