From 80e3aae95c3efd707437cf2a4b3e9236b37014bb Mon Sep 17 00:00:00 2001
From: Nicolas Metters
Date: Thu, 16 Nov 2023 05:10:39 +0100
Subject: [PATCH 1/4] Update base.rb
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Updating the required_attribute_mapping to add "admin". Otherwise, attribute isn't retrieved and can't be used in 👍 plugins/redmine_saml/lib/redmine_saml/patches/user_patch.rb
---
 lib/redmine_saml/base.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/redmine_saml/base.rb b/lib/redmine_saml/base.rb
index 3007147..dea5760 100644
--- a/lib/redmine_saml/base.rb
+++ b/lib/redmine_saml/base.rb
@@ -61,7 +61,7 @@ def validated_configuration?
 end
 def required_attribute_mapping
- %i[login firstname lastname mail]
+ %i[login firstname lastname mail admin]
 end
 def validate_configuration!
From 18d9e3b4fac720788c3142c17d7a4c70aa6dff90 Mon Sep 17 00:00:00 2001
From: Nicolas Metters
Date: Thu, 16 Nov 2023 06:01:52 +0100
Subject: [PATCH 2/4] Update user_patch.rb Avoid error due to adding "admin" attribute to the requested list: ActiveRecord::NotNullViolation (PG::NotNullViolation: ERROR: null value in column "admin" of relation "users" violates not-null constraint DETAIL: Failing row contains (84, firstname.lastname, , firstname, lastname, null, 1, null, en, null, 2023-11-16 04:33:51.28808, 2023-11-16 04:33:51.28808, User, only_my_events, null, f, null, null, null, null, f, t). ): plugins/redmine_saml/lib/redmine_saml/patches/user_patch.rb:28:in `find_or_create_from_omniauth'
---
 lib/redmine_saml/patches/user_patch.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/lib/redmine_saml/patches/user_patch.rb b/lib/redmine_saml/patches/user_patch.rb
index e8ce90f..cb5b7a4 100644
--- a/lib/redmine_saml/patches/user_patch.rb
+++ b/lib/redmine_saml/patches/user_patch.rb
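Review bot: Adding `admin` to `required_attribute_mapping` in lib/redmine_saml/base.rb makes an admin mapping mandatory for every installation, which is more than the commit message asks for (that the attribute be retrieved). The method name and the neighbouring `validate_configuration!` suggest that a configuration without this mapping would now fail validation, though the validation body is outside the hunk. Because this attribute decides who becomes a Redmine administrator, consider keeping the required list as `%i[login firstname lastname mail]` and reading `admin` through a separate opt-in list, for example a new `optional_attribute_mapping` returning `%i[admin]`. Either way, add a comment on the method along the lines of `# admin is taken from the IdP assertion and grants full Redmine privileges`.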
@@ -25,6 +25,12 @@ def find_or_create_from_omniauth(omniauth) user.login = user_attributes[:login].presence || user_attributes[:mail] user.language = Setting.default_language user.activate + if user_attributes[:admin].present? + user.admin = user_attributes[:admin] + else + user.admin = 'false' + end + user.save! user.reload end @@ -35,6 +41,11 @@ def find_or_create_from_omniauth(omniauth) user.admin = user_attributes[:admin] if user_attributes[:admin].present? end + # Debug : check attributes retrueved by the RedmineSaml.user_attributes_from_saml method + # File.write('/tmp/attributes.txt', user_attributes) + + + RedmineSaml.on_login_callback&.call omniauth, user user From ca1de6f7d89c4cf5a0855c162956e0999de6b293 Mon Sep 17 00:00:00 2001 From: Nicolas Metters Date: Thu, 16 Nov 2023 18:52:02 +0100 Subject: [PATCH 3/4] Create login.css.redminebuttonstyle Have a SSO login button using the Redmine style. Inspired by the OpenID button style: https://github.com/devopskube/redmine_openid_connect/tree/470de181cb7810db0c6c1d865454f29b8d8dfdc1 --- .../stylesheets/login.css.redminebuttonstyle | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 assets/stylesheets/login.css.redminebuttonstyle diff --git a/assets/stylesheets/login.css.redminebuttonstyle b/assets/stylesheets/login.css.redminebuttonstyle new file mode 100644 index 0000000..dc5becf --- /dev/null +++ b/assets/stylesheets/login.css.redminebuttonstyle @@ -0,0 +1,20 @@ +#saml-login { + margin: 1em auto 2em auto; + padding: 20px; + width: 340px; + border: 1px solid #FDBF3B; + background-color: #FFEBC1; + border-radius: 4px; + box-sizing: border-box; +} + +#saml-login form button[type='submit'] { + display: block; + width: 100%; +} + +#saml-login form button[type='submit']:hover { + background-color: #c7c6c5 !important; +} + +#login-form table { margin-top: 2em; } From ffda62c45fc3336b8aacfffa3bc45da67a78ab18 Mon Sep 17 00:00:00 2001 
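Review bot: `user.admin = user_attributes[:admin]` in the first hunk of user_patch.rb hands the raw SAML attribute value to a boolean column, so the privilege granted depends on how the framework casts an arbitrary string. Rails' boolean cast recognises only a short list of false values (such as `false`, `0`, `f`, `off`) and treats any other non-empty string as true, so an unexpected value such as `no` from the IdP would create an administrator. Compare against an explicit allow-list and assign a real boolean, `user.admin = %w[true 1].include?(user_attributes[:admin].to_s.strip.downcase)`, which also replaces the `if`/`else` and the `'false'` string. The same unchecked assignment is visible as a context line for existing users in the next hunk. The body of `find_or_create_from_omniauth` starts and ends outside the hunk.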
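Review bot: The commented-out `File.write('/tmp/attributes.txt', user_attributes)` in the second hunk of user_patch.rb should not be committed. Once uncommented, every login would write the user's SAML attributes (login, name, mail, admin flag) to a fixed, predictable path in a shared temp directory. Drop both comment lines and the blank lines added after them. If the dump is needed for troubleshooting, use the application logger at debug level and log keys rather than values, e.g. `Rails.logger.debug { "SAML attributes: #{user_attributes.keys.inspect}" }`. The comment also contains a typo (`retrueved`).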
From: Nicolas Metters
Date: Tue, 21 Nov 2023 02:37:58 +0100
Subject: [PATCH 4/4] Update en.yml Update SAML invalid ticket to suggest most frequent source of error.
---
 config/locales/en.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 14b34f3..bb7751d 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1,6 +1,6 @@
 en:
 error_saml_authenticity_error: SAML authentication error
- error_saml_invalid_ticket: Invalid SAML ticket
+ error_saml_invalid_ticket: Invalid SAML ticket (check IDP cert /IDP cert fingerprint)
 label_onthefly_creation: Create users automatically?
 label_replace_redmine_login: Replace Redmine login page
 label_saml_enabled: Enable SAML authentication