Currently, Tower does not natively support any kind of real mapping from SAML into Orgs, Teams, or Super Users. End users are currently limited to supplying a set list of email or regex-for-email patterns, which is painful.
n/a
Mapping functionality similar to what is seen in LDAP support
cc @wenottingham seems like something that would need to run through product first
All for doing it, but it would need done in a reasonable, extensible, way rather than the "write a custom python mapping function and shove it in settings.py" way that has been done as one-offs in the past.
I forget if it was via email or the original issue but I passed along a sample snippet to someone @matburt maybe? back when I made an implementation of this during an Ansible consulting engagement.
hmm, I looked for this and don't seem to have it... but I do remember this 😢
@matburt @wenottingham here's a sanitized version of what was passed around internally. I recommend using Okta's free dev account thing to do testing. It seems to facilitate automated testing too so it might fit in to whatever is being used for CI these days.
https://gist.github.com/defionscode/fc21488e44d73cdd919f81ee1b43e204
Does anyone know when this functionality will be added?
When someone writes it? This is an RFE ticket.
so...I made/maintain a django SAML2 package that might be better overall than how tower currently does it. just putting it here for ref https://github.com/MindPointGroup/django-saml2-pro-auth
Note to UI. Two fields in the tower settings need to be exposed: SOCIAL_AUTH_SAML_TEAM_ATTR and SOCIAL_AUTH_SAML_ORGANIZATION_ATTR
@jakemcdermott @chrismeyersfsu can this be closed?
Yes, this landed.
Wahoo! You guys are the best!
Hello,
Can you add the capability to add users as organization administrator?
Bonus: As AWX administrator (like @defionscode's proposal)