From e79dda7583b1523ca2280b8be65d9b28ff811a0b Mon Sep 17 00:00:00 2001
From: sarahbyrnie <sarah.byrne@stfc.ac.uk>
Date: Mon, 1 Feb 2021 16:59:31 +0000
Subject: [PATCH] Allows for groups claim to be a string or array depending on
 auth type

---
 lib/Authentication/AuthTokens/IAMAuthToken.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Authentication/AuthTokens/IAMAuthToken.php b/lib/Authentication/AuthTokens/IAMAuthToken.php
index 936385519..4bdceb572 100644
--- a/lib/Authentication/AuthTokens/IAMAuthToken.php
+++ b/lib/Authentication/AuthTokens/IAMAuthToken.php
@@ -85,7 +85,7 @@ private function getAttributesInitToken(){
                 die('You must login via your organisation on IRIS IAM to gain access to this site.');
             }
             //Don't allow access unless user is a member of the IRIS gocdb group
-            if(strpos($_SERVER['OIDC_CLAIM_groups'], "gocdb")===false){
+            if(strpos($_SERVER['OIDC_CLAIM_groups'], "gocdb")===false and in_array('gocdb', $_SERVER['OIDC_CLAIM_groups'])===false){
                 die('You do not belong to the correct group to gain access to this site. Please visit iris-iam.stfc.ac.uk and submit a request to join the GOCDB group. This shall be reviewed by a GOCDB admin.');
             }
         }