
[Feature] Provide IdpAuthenticator that checks email domains #166

@sventorben

Is there an existing feature request for this?

  • I have searched the existing issues

Is your feature related to a problem? Please describe.

When users register through an identity provider with a managed domain, I would like to ensure that only users with an email domain equal to the configured domain can register via the IdP.

Describe the solution you'd like

Implement an AbstractIdpAuthenticator that checks if domains match:

  • Load IdentityProviderConfigModel with identityProviderId from SerializedBrokeredIdentityContext
  • Wrap the ConfigModel in an IdentityProviderModelConfig
  • Read domains from the IdentityProviderModelConfig and match with user email from SerializedBrokeredIdentityContext
  • Use DomainExtractor (how to get the config of the HIdPD Authenticator?)

Describe alternatives you've considered

No response

Anything else?

No response
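The domain comparison at the core of this request, as an added example that is not part of the original issue or the project's code. It is plain Java with no Keycloak dependency: `EmailDomainCheck`, `extractDomain` and `isAllowed` are hypothetical names, and it assumes that the email comes from the brokered identity context, that the domain set comes from the IdP configuration, and that matching is an exact, case-insensitive comparison.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;

// Added example. EmailDomainCheck, extractDomain and isAllowed are hypothetical names,
// not Keycloak classes and not the extension's DomainExtractor.
public class EmailDomainCheck {

    // Returns the lower-cased domain part, or empty when the address cannot be matched safely.
    static Optional<String> extractDomain(String email) {
        if (email == null) return Optional.empty();
        String s = email.trim();
        int at = s.indexOf('@');
        // Fail closed: need exactly one '@' with text on both sides.
        if (at <= 0 || at != s.lastIndexOf('@') || at == s.length() - 1) return Optional.empty();
        String domain = s.substring(at + 1).toLowerCase(Locale.ROOT);
        // Assumption: domains are compared in ASCII form; anything else is rejected.
        if (!domain.matches("[a-z0-9]([a-z0-9.-]*[a-z0-9])?")) return Optional.empty();
        return Optional.of(domain);
    }

    // True only when the email domain equals one configured domain (no suffix or subdomain match).
    static boolean isAllowed(String email, Set<String> configuredDomains) {
        Set<String> normalized = configuredDomains.stream()
                .map(d -> d.trim().toLowerCase(Locale.ROOT))
                .collect(Collectors.toSet());
        return extractDomain(email).map(normalized::contains).orElse(false);
    }

    public static void main(String[] args) {
        Set<String> domains = Set.of("example.com"); // constructed sample configuration
        String[] samples = {                          // constructed sample addresses
            "alice@example.com",
            "Bob@EXAMPLE.com",
            "eve@sub.example.com",
            "eve@example.com.evil.test",
            "eve@evilexample.com",
            "eve@example.com@evil.test",
            "no-at-sign",
            null
        };
        for (String s : samples) {
            System.out.printf("%-28s -> %s%n", s, isAllowed(s, domains) ? "allow" : "deny");
        }
    }
}
```

Only the first two sample addresses are allowed; subdomains, look-alike suffixes and malformed addresses are denied because the check compares the whole domain and rejects anything it cannot parse.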

Labels: enhancement (New feature or request)