Fluid Topics v3.7.44 introduces the possibility to migrate multiple user authentication realms simultaneously by making the "overridesUserFromRealm" property accept a list of realms as follows:
overridesUserFromRealm: "realm1|realm2|realm3"
- Once migration is complete, overridden accounts are removed and can no longer be used.
- The static and root realms do not support this feature. If used, the "overridesUserFromRealm" configuration parameter will be ignored.
Use case
An administrator wants to migrate the "internal", "google", and "facebook" user authentication realms to the "saml2" user authentication realm. In the "authentication" object of the conf.json configuration file, they add the "overridesUserFromRealm" property to the "realms" parameter corresponding to the "saml2" realm as follows:
{
"ui": {
"authentication": {
"realms": [
{
"type": "saml2",
"name": "saml2",
"configuration": {
"name": "saml2",
"keystoreFile": "saml/keystore.jks",
"keystorePassword": "foobar_password",
"privateKeyPassword": "foobar_key",
"entityId": "https://foobar.fluidtopics.net/",
"idpMetadataFile": "saml/foobar.xml",
"idPropertyKey": "email",
"mailPropertyKey": "email",
"namePropertyKey": "displayname",
"groupsPropertyKey": "role",
"maxAuthenticationLifetime": "32400",
"overridesUserFromRealm": "internal|google|facebook"
}
}
]
}
}
}
In this example, the "saml2" realm will retrieve user information from the "internal", "google", and "facebook" realms the next time the user signs in. Consequently, all previous data from these three realms will be associated with a newly created "saml2" profile.