We have been using SimpleSAMLphp for a while, and the Drupal module that integrated that Library allowed us to create multiple role assignment rules, that could match any SAML Property that was included in the exchange. This allowed us to use our ITs group management policies or an individually identifying piece of data (like email address) to assign roles. We'd like to be able to match a variety of properties to assign several different roles, and currently it appears that we can only select a single property, and then use the variety of values in that property to assign roles.
Could we make the interface for role assignment support more than one property? Maybe it could be a multivalue field that could accept multiple rows, each with a value and a drupal role to assign if that value exists?
Comments