From 912c83918d76636f0f7511ece57efc200dc4d1db Mon Sep 17 00:00:00 2001
From: Longze Chen <cslzchen@gmail.com>
Date: Wed, 20 Jul 2022 00:49:05 -0400
Subject: [PATCH 1/2] Update shared SSO to support userRoles

---
 ...PrincipalFromNonInteractiveCredentialsAction.java | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/main/java/io/cos/cas/osf/web/flow/login/OsfPrincipalFromNonInteractiveCredentialsAction.java b/src/main/java/io/cos/cas/osf/web/flow/login/OsfPrincipalFromNonInteractiveCredentialsAction.java
index c314382..c74ca52 100644
--- a/src/main/java/io/cos/cas/osf/web/flow/login/OsfPrincipalFromNonInteractiveCredentialsAction.java
+++ b/src/main/java/io/cos/cas/osf/web/flow/login/OsfPrincipalFromNonInteractiveCredentialsAction.java
@@ -558,6 +558,7 @@ private OsfApiInstitutionAuthenticationResult notifyOsfApiOfInstnAuthnSuccess(
         final String givenName = user.optString("givenName").trim();
         final String familyName = user.optString("familyName").trim();
         final String isMemberOf = user.optString("isMemberOf").trim();
+        final String userRoles = user.optString("userRoles").trim();
         if (username.isEmpty()) {
             LOGGER.error("[CAS XSLT] Missing email (username) for user at institution '{}'", institutionId);
             throw new InstitutionSsoFailedException("Missing email (username)");
@@ -568,13 +569,20 @@ private OsfApiInstitutionAuthenticationResult notifyOsfApiOfInstnAuthnSuccess(
         }
         if (!isMemberOf.isEmpty()) {
             LOGGER.info(
-                    "[CAS XSLT] Secondary institution detected: username={}, institution={}, member={}",
+                    "[CAS XSLT] Shared SSO \"isMemberOf\" detected: username={}, institution={}, isMemberOf={}",
                     username,
                     institutionId,
                     isMemberOf
             );
+        } else if (!userRoles.isEmpty()) {
+            LOGGER.info(
+                    "[CAS XSLT] Shared SSO \"userRoles\" detected: username={}, institution={}, userRoles={}",
+                    username,
+                    institutionId,
+                    userRoles
+            );
         } else {
-            LOGGER.debug("[CAS XSLT] Secondary institution is not provided: username={}, institution={}", username, institutionId);
+            LOGGER.debug("[CAS XSLT] Shared SSO not eligible: username={}, institution={}", username, institutionId);
         }
         // Parse the department attribute
         final String departmentRaw = user.optString("departmentRaw").trim();

From d675102659ae048f580b23812b30dea39a2455de Mon Sep 17 00:00:00 2001
From: Longze Chen <cslzchen@gmail.com>
Date: Fri, 29 Jul 2022 13:59:42 -0400
Subject: [PATCH 2/2] Update change log for osf-cas hotfix 22.0.5

---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fc7c7c6..223117c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+22.0.5 (07-29-2022)
+===================
+
+Support shared SSO between FSU and MagLab
+
 22.0.4 (06-29-2022)
 ===================