Allow ADFS login for accounts without a SAML emailaddress #135
I think this is fine as long as we don't anticipate any new users to the system. That being said, with decommissioning on the horizon, I doubt it's worth worrying about such things. For the sake of knowledge sharing, the email address claim is also referenced in |
I've updated the PR: |
e5d0e49 to e5aab29
|
I've now reverted to the previously approved version, which I'll merge now. Here are Miles's additional comments:
|
The PHE ADFS server now includes blank email addresses for (some?) ex @PhE staff. This PR ignores the emailaddress SAML field: the User object being updated on login, which was causing an error when a blank email address was being applied. Instead, users are identified by the upn (which contains their email address).

I've deployed this to the beta site before review, to confirm that it works.
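
The login behaviour described in this PR, as an added Python example that is not the project's own code: the account is resolved from the upn claim alone and the emailaddress claim is never read, so a blank or missing value cannot reach the stored user. The claim URIs are the standard ADFS claim types; the `User` fields, the dict-based user store, rejecting unknown accounts and the sample assertions are assumptions constructed for illustration.

```python
from dataclasses import dataclass

CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
UPN, EMAIL, GIVEN_NAME = CLAIMS + "upn", CLAIMS + "emailaddress", CLAIMS + "givenname"

class LoginRejected(Exception):
    """Raised when the assertion cannot be tied to exactly one known account."""

@dataclass
class User:  # hypothetical model
    upn: str
    email: str
    given_name: str = ""

def non_blank(attributes, claim):
    """Return the stripped, non-empty values the IdP sent for one claim."""
    return [v.strip() for v in attributes.get(claim, []) if v and v.strip()]

def login(attributes, users):
    """Resolve and update the user from an already-validated assertion.

    attributes: claim URI -> list of values; users: dict keyed by lower-cased upn.
    """
    upns = non_blank(attributes, UPN)
    if len(upns) != 1:  # absent, blank or ambiguous identifier: fail closed
        raise LoginRejected("expected exactly one non-blank upn claim")
    user = users.get(upns[0].lower())  # UPNs compare case-insensitively
    if user is None:
        raise LoginRejected("no account for this upn")
    # The emailaddress claim is deliberately not consulted here.
    names = non_blank(attributes, GIVEN_NAME)
    if names:
        user.given_name = names[0]
    return user

def sample_users():
    """Constructed user store for the example."""
    return {"a.user@example.org": User("a.user@example.org", "a.user@example.org")}

# Constructed sample attribute sets, as an ADFS assertion might be parsed.
BLANK_EMAIL = {UPN: ["A.User@example.org"], EMAIL: [""], GIVEN_NAME: ["Alex"]}
NO_EMAIL = {UPN: ["a.user@example.org"]}
BLANK_UPN = {UPN: [""], EMAIL: ["a.user@example.org"]}
```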