in src/main/java/org/apache/sling/auth/saml2/impl/Saml2UserMgtServiceImpl.java [145:179]
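/**
 * Synchronizes the repository group membership of a SAML-authenticated user
 * with the group list carried in the assertion.
 *
 * <p>Every {@code rep:Group} authorizable is visited:
 * <ul>
 *   <li>a group without a {@code managedGroup} property that is named in the
 *       assertion is flagged {@code managedGroup=true} and the user is added;</li>
 *   <li>a group whose {@code managedGroup} flag is {@code true} gets the user
 *       added when the assertion names it and removed otherwise;</li>
 *   <li>all other groups are left untouched.</li>
 * </ul>
 *
 * <p>NOTE(review): the first rule lets the assertion claim any existing
 * unflagged group, including locally administered or privileged ones, purely
 * by matching its ID. Membership is therefore only as trustworthy as the
 * IdP's attribute release. Consider restricting which group IDs may be
 * claimed (for example an explicit allowlist or a dedicated naming prefix)
 * and auditing each membership change.
 *
 * @param user the SAML user whose ID and assertion group list are applied
 * @return {@code true} when all changes were saved; {@code false} when the
 *         user ID does not resolve to a repository {@code User} or a
 *         {@code RepositoryException} occurred
 */
public boolean updateGroupMembership(Saml2User user) {
    // get list of groups from assertion (see ConsumerServlet::doUserManagement)
    try {
        Authorizable authorizable = this.userManager.getAuthorizable(user.getId());
        if (!(authorizable instanceof User)) {
            // A missing authorizable (null) or one that is not a User used to
            // escape as an unchecked exception; fail closed instead and leave
            // every group untouched.
            logger.error("Cannot update group membership: no repository user for id " + user.getId());
            return false;
        }
        User jrcUser = (User) authorizable;
        Iterator<Authorizable> allGroups = userManager.findAuthorizables("jcr:primaryType", "rep:Group");
        // get and iterate all groups
        while (allGroups.hasNext()) {
            Authorizable candidate = allGroups.next();
            if (!(candidate instanceof Group)) {
                // Defensive: skip anything the query returns that is not a Group.
                continue;
            }
            Group managedGroup = (Group) candidate;
            boolean namedInAssertion = user.getGroupMembership().contains(managedGroup.getID());
            Value[] valueList = managedGroup.getProperty("managedGroup");
            if (valueList == null) {
                if (namedInAssertion) {
                    // Group has no managedGroup flag but the assertion names it:
                    // claim the group as managed and add the user.
                    managedGroup.setProperty("managedGroup", vf.createValue(true));
                    managedGroup.addMember(jrcUser);
                }
            } else if (valueList.length > 0 && valueList[0].getBoolean()) {
                // Managed group: membership mirrors the assertion exactly, so a
                // group missing from the assertion results in removal.
                if (namedInAssertion) {
                    managedGroup.addMember(jrcUser);
                } else {
                    managedGroup.removeMember(jrcUser);
                }
            }
        }
        session.save();
        return true;
    } catch (RepositoryException e) {
        // NOTE(review): changes made before the failure are not explicitly
        // discarded here; confirm the caller does not save this session later.
        logger.error("RepositoryException", e);
        return false;
    }
}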