0

Hi All, We’re using the SAML module with a custom Java action inside our `Custom User Provisioning` microflow per the SAML module. We’ve created this in a separate module, SAML_Customizations, so that we can keep the module up to date without losing our custom logic. The microflow receives the XML from our IdP and splits it out into a comma-separated list that matches the Project Security roles we have in Mendix. It retrieves all roles, iterates through, and adds a new role wherever it finds a match. What I cannot figure out how to solve, however, is the best way to deal with role changes that are not additions, e.g. for users who may be demoted, in which case they would lose privileges. I was thinking the best way to start would be to find all roles for the user and delete them, but this ended up breaking our SSO completely. Am I on the right path here? Should I have a decision to see if the user exists and then proceed from there? Should I put it within one of the iterations? Appreciate any help and guidance you all can provide. Please note we are on 8.11 but it was not available in the dropdown selector. Thanks! Chris

asked 2020-07-24

1 answers