Dream Platform support

[derega]

Dreamschool is based on Dream Platform. Dream UserDB should be added as external data source.

[derega]

First version of this was merged in PR #1. It contains the minimum viable implementation.

This was updated on Dreamschool side this week.

Currently it works like this:

• User comes in the the Dreamschool SP with SAML assertion from MPASS Auth Proxy
• Assertion contains MPASS ID
• If the MPASS ID is found in Dreamschool User Database:
  • User is logged in and everything works
• User is not found:
  • DS UserDB makes an API query to MPASS Auth Data asking for possible external_id
  • If the response contains valid external_id:
    • The external_id in this case is DS UserDB user ID
    • MPASS ID is added for that user
    • user is logged in and everything works
  • Response does not contain valid external_id
    • This is previously unknown new user
    • Account is created automatically based on attributes in SAML assertion
    • Username is derived from MPASS ID
    • User is always teacher
    • User belongs to organisation named "ECA"

In all cases user is logged in and can use Dreamschool service.

There are still limitations. All users are teachers and they are all in single organisation. This is enough for demo purposes as this is not meant to be production ready yet. The main purpose is to allow testing of MPASS authentication.

There are two ways to use this implementation:

1. Existing Dreamschool user uses MPASS to log in to Dreamschool using Dreamschool as authentication source.
2. All users who have MPASS ID can automatically register new account and log in to Dreamschool.