The error saving the user is logged to application.log. Previously,
the entry had no context and was unusable - 'Error saving user:
[Email address already taken]'. Adding the auth hash UID and email
makes the error more helpful.
some OAuth providers (kerberos for example) only provide a username and an email, but no name. Therefore
a signup fails because the name is empty. Best guess for the name is
probably the username, therefore use it as name.
Code tweaks in 45e9150a caused the ldap_person method to not return expected results.
Improved tests to cover the ldap_person method, which was previously stubbed.
Until now, a user needed to first sign in with his LDAP identity and then manually
link his/her account with an omniauth identity from their profile.
Only when this is done can the user authenticate with the omniauth provider and at
the same time benefit from the LDAP integration (HTTPS authentication with LDAP
username/password and in EE: LDAP groups, SSH keys etc.).
This feature automates the process by looking up a corresponding LDAP person when a
user connects with omniauth for the first time and then automatically linking the LDAP
and omniauth identities (of course, like the existing allow_single_sign_on setting,
this is meant to be used with trusted omniauth providers).
The result is identical to a manual account link.
Add config initializers for other omniauth settings.
Robin Bobbitt
Nick Thomas
James Lopez
Douwe Maan
geoandri
Sean McGivern
Drew Blessing
Patricio Cano
Douwe Maan
Steffen Köhler
Alex Lossent
Robert Speicher