Add Microsoft Graph directory implementation
adamfranco opened this issue · 0 comments
adamfranco commented
Add a DirectoryInterface implementation that uses Microsoft Graph APIs rather than our on-prem CAS Directory web-service. This will wean us off CAS Directory web-service.
Challenges:
- Lookups based on MiddleburyCollegeUID
- Getting DN strings from groups found in AzureAD.
Notes from middlebury/wordpress#422:
The Group Claims returned in the SAML response include the Groups' ObjectIDs for all groups, but don't include the full DN like we've been using in DynamicAddUsers. The SAML response is also limited to 150 groups. Additional group and membership information is available through the Graph API. Rather than querying CAS Directory, the DynamicAddUsers plugin could query the Graph API for user and group information.
See also:
https://blogs.aaddevsup.xyz/2019/03/using-groups-claim-in-azure-active-directory/
- Implement lookups against MS Graph API.
- Make data-update script to load GUIDs for existing DNs where possible.
- Store group names locally for display in the form now that we are using GUIDs