5 Replies Latest reply on Jun 29, 2017 9:49 AM by matthewo

    Permission Based Content using SAML attribute value

    meg91476

      I've noticed there's a discussion out there asking if content can be displayed based on permissions pulled directly from Jive's REST API (Is there a way to use a user group/permission group membership as a variable?).

       

      Has anyone tried doing something similar to this in a tile using a SAML attribute (something like memberOf, for example) instead?

        • Re: Permission Based Content using SAML attribute value
          Bryce Gilhooly

          We've surfaced different content to different users by leveraging which User Groups they're a part of.

           

          Over the next month or so we're looking at passing AD Security Groups (similar-ish to memberOf) as part of our SAML claim to manage User Groups upon login.

           

          While I don't think that answers your question directly, in a round-about way it should be possible to use SAML attributes to showcase different content to users.

           

          Hope that helps,

          Bryce.

          1 person found this helpful
          • Re: Permission Based Content using SAML attribute value
            meg91476

            Great, thank you both Bryce Gilhooly and Ryan Rutan for your responses and help!  Have either of you seen any example coding for this that I could potentially take a look at?  I'm still a little new to leveraging Jive's API, so still in that stage that it helps to see to understand.

              • Re: Permission Based Content using SAML attribute value

                Unfortunately, it's a bit nebulous to offer up sample code in this case because I'm not quite sure how you are going to want to use it.  That being said, I would check out some of these documents to maybe get you started with some of the basics:

                 

                Introducing the JiveDev QuickStart App > Oauth2 API Client

                Using Curl for Fun and Profit

                REST V3 API - Tips & Tricks

                REST API v3 Examples

                 

                Perhaps that will help at least get you started on crafting your API requests.

                 

                Hope that helps.

                1 person found this helpful
                • Re: Permission Based Content using SAML attribute value
                  matthewo

                  Hey Megan,

                   

                  Here's an example of how we restricted access to one of our apps (using the jQuery library)

                   

                  osapi.jive.corev3.people.getViewer().execute(function(responsePerson) {
                      if (responsePerson.error) {
                          console.log(responsePerson.error.message);
                          // Stop here: without the viewer there is no group list to look up
                          return;
                      }

                      // Gets the uri for the user's list of user group memberships
                      var securityGroupList = responsePerson.resources.securityGroups.ref.replace("https://<yourInstance>/api/core/v3", "");

                      osapi.jive.core.get({
                          v: "v3",
                          href: securityGroupList
                      }).execute(function(responseSecGroup) {
                          if (responseSecGroup.error) {
                              console.log("Failed to access the user's security group list.");
                              console.log(responseSecGroup.error.message);
                          } else {
                              var authorized = false;
                              // Iterates over each user group of which the user is a member and if the user group id matches the specified group, set the authorized variable to true
                              $.each(responseSecGroup.list, function(key, value) {
                                  if (value.id == "<desiredUserGroupID>") {
                                      authorized = true;
                                  }
                              });

                              if (authorized === true) {
                                  // Code for authorized user
                              } else {
                                  // Code for unauthorized user
                              }
                          }
                      });
                  });

                   

                  Hope this helps!

                   

                  Cheers

                  Matt

                  2 people found this helpful
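
The group check from the reply above, pulled into two small helpers that fail closed on errors and do not hard-code the instance hostname; this is an added example, not code from the thread or from Jive. The helper names `toRelativeHref` and `isAuthorized` and the sample responses are hypothetical and constructed for illustration. A check like this runs in the viewer's browser, so it only controls what the tile displays; the content itself still needs Jive's server-side permissions.

```javascript
// Added example: helper names and sample data are hypothetical, not part of Jive's API.
var API_PREFIX = "/api/core/v3";

// Turn the absolute securityGroups ref into the relative href passed to
// osapi.jive.core.get, without hard-coding the instance hostname.
function toRelativeHref(ref) {
    var url = new URL(ref); // throws on a malformed ref
    var at = url.pathname.indexOf(API_PREFIX + "/");
    if (at === -1) {
        throw new Error("Unexpected API path: " + url.pathname);
    }
    return url.pathname.slice(at + API_PREFIX.length) + url.search;
}

// Fail closed: an error, a missing list or an entry without an id
// never results in "authorized".
function isAuthorized(response, allowedGroupIds) {
    if (!response || response.error || !Array.isArray(response.list)) {
        return false;
    }
    // Compare as strings so numeric and string ids match the same group
    var allowed = new Set(allowedGroupIds.map(String));
    return response.list.some(function (group) {
        return group != null && group.id != null && allowed.has(String(group.id));
    });
}

// Constructed sample data (not captured from a real instance)
var sampleRef = "https://jive.example.com/api/core/v3/people/2001/securityGroups";
var memberResponse = { list: [{ id: 1005, name: "Everyone" }, { id: "1042", name: "HR Editors" }] };
var errorResponse = { error: { message: "Forbidden" } };

console.log(toRelativeHref(sampleRef));
console.log(isAuthorized(memberResponse, ["1042"]));
console.log(isAuthorized(errorResponse, ["1042"]));
```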