src/STS/Controllers/ORCiDController.cs

@@ -60,7 +60,7 @@ namespace Coscine.Api.STS.Controllers
                 var mapping = externalIdModel.GetAllWhere((map) => map.ExternalId1 == ORCiD && map.ExternalAuthenticatorId == orcidAuthItem.Id);
                 var userModel = new UserModel();
                 User user;
-                if (mapping.Count() > 0)
+                if (mapping.Any())
                 {
                     var userId = mapping.First().UserId;
                     user = userModel.GetById(userId);

src/STS/Controllers/ShibbolethController.cs

-using Coscine.Database.DataModel;
-using Coscine.Database.Models;
-using Coscine.Api.STS.Data;
+using Coscine.Api.STS.Data;
 using Coscine.Api.STS.Utils;
+using Coscine.Database.DataModel;
+using Coscine.Database.Models;
+using Coscine.Metadata;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using System;
@@ -14,10 +15,12 @@ namespace Coscine.Api.STS.Controllers
     public class ShibbolethController : Controller
     {
         private readonly SignInManager<CoscineUser> _signInManager;
+        private readonly RdfStoreConnector _rdfStoreConnector;
 
         public ShibbolethController(SignInManager<CoscineUser> signInManager)
         {
             _signInManager = signInManager;
+            _rdfStoreConnector = new RdfStoreConnector(Program.Configuration.GetString("coscine/local/virtuoso/additional/url"));
         }
 
         [Route("[controller]/callback")]
@@ -40,20 +43,20 @@ namespace Coscine.Api.STS.Controllers
             var externalIdModel = new ExternalIdModel();
             var entity = info.Principal.FindFirstValue(ShibbolethAttributeMapping.Identifier);
 
-            var identifier = entity.Substring(entity.IndexOf(">") + 1);
+            var identifier = entity[(entity.IndexOf(">") + 1)..];
             identifier = identifier.Substring(0, identifier.IndexOf("<"));
 
-            var organization = entity.Substring(entity.IndexOf("NameQualifier=\"") + "NameQualifier=\"".Length);
-            organization = organization.Substring(0, organization.IndexOf("\""));
+            var entityId = entity[(entity.IndexOf("NameQualifier=\"") + "NameQualifier=\"".Length)..];
+            entityId = entityId.Substring(0, entityId.IndexOf("\""));
 
             var mapping = externalIdModel.GetAllWhere((map) => 
                 map.ExternalId1 == identifier 
                 && map.ExternalAuthenticatorId == shibbolethAuthItem.Id
-                && map.Organization == organization
+                && map.Organization == entityId
             );
             User user;
             var userModel = new UserModel();
-            if (mapping.Count() > 0)
+            if (mapping.Any())
             {
                 var userId = mapping.First().UserId;
                 user = userModel.GetById(userId);
@@ -66,11 +69,36 @@ namespace Coscine.Api.STS.Controllers
                 {
                     ExternalId1 = identifier,
                     ExternalAuthenticatorId = shibbolethAuthItem.Id,
-                    Organization = organization,
+                    Organization = entityId,
                     UserId = user.Id
                 });
             }
 
+            var userGraphName = $"{_rdfStoreConnector.UserUrlPrefix}/{user.Id}";
+
+            // Make sure the user graph exists.
+            _rdfStoreConnector.EnsureGraph(userGraphName);
+
+            // Get organization.
+            var organization = _rdfStoreConnector.GetOrganization(entityId, identifier);
+
+            // Can only update data if an org was found.
+            if(organization != null)
+            {
+                // Drop old membership infromation.
+                _rdfStoreConnector.RemoveMembershipData(userGraphName, organization);
+
+                // Reverse lookup...
+                var eduPersonScopedAffiliation = info.Principal.FindFirstValue(ShibbolethAttributeMapping.LabelMapping.FirstOrDefault(x => x.Value == "Entitlement").Key);
+                if (eduPersonScopedAffiliation.StartsWith("employee@")
+                    // Check for test shib (employee user is actually member...).
+                    || (eduPersonScopedAffiliation.StartsWith("member@") && entityId == "https://login-test.rz.rwth-aachen.de/shibboleth"))
+                {
+                    // Add membership information.
+                    _rdfStoreConnector.AddMemebershipData(userGraphName, organization);
+                }
+            }
+
             var coscineUser = new CoscineUser()
             {
                 UserName = user.Id.ToString(),

src/STS/STS.csproj

@@ -6,7 +6,7 @@
 	<GenerateDocumentationFile>true</GenerateDocumentationFile>
     <TargetFramework>net5.0</TargetFramework>
     <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-  <Version>2.1.0</Version></PropertyGroup>
+  <Version>2.2.0</Version></PropertyGroup>
 	<PropertyGroup>
 		<Authors>RWTH Aachen University</Authors>
 		<Company>IT Center, RWTH Aachen University</Company>
@@ -20,6 +20,7 @@
     <PackageReference Include="Coscine.Action" Version="2.*-*" />
     <PackageReference Include="Coscine.ActiveDirectory" Version="2.*-*" />
     <PackageReference Include="Coscine.ApiCommons" Version="2.*-*" />
+    <PackageReference Include="Coscine.Metadata" Version="2.1.0-topic-1425-fhpri0003" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.12" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="3.1.12" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens.Saml" Version="6.8.0" />