Topic on Extension talk:SimpleSAMLphp

Summary by Cindy.cicalese

Extension:SimpleSamlAuth is a different extension from Extension:SimpleSAMLphp. You cannot use the configuration settings for the latter to configure the former.

Revansx (talkcontribs)

I'm using Ext:SimpleSAMLphp to automatically log users in to an enterprise wiki. This part is configured and works well. The next step is to have specific users automatically added to the "sysop" group when they meet certain criteria in the SAML response.

By using the simpleSAMLphp diagnostic page I can confirm that my SSO is indeed providing an attribute in the SAML response that contains the "groups" that each user belongs to (per the enterprise AD/LDAP). The attribute is called "isMemberOf" and the SAML response is in the form:

"isMemberOf": [
            "cn=Active Staff, ou=Company, ou=groups, dc=acme,dc=com",
            "cn=Application Owner,ou=XYZ,ou=Groups,dc=acme,dc=com",
            "cn=Thing Maintainer,ou=XYZ,ou=Groups,dc=acme,dc=com",
            "cn=Resourse1,ou=ABC,ou=Groups,dc=acme,dc=com",
            "cn=Mailing-List-978,ou=LMN,ou=Groups,dc=acme,dc=com",
            "cn=Operator, ou=SAP Portal, ou=ABC,ou=Groups, dc=acme,dc=com"
        ]

While wordy, this meets the description of the "groups" info being encoded as a comma-separated list of strings in the form: "Group1", "Group2", "Group3", etc., and so if I want to automatically assign a user to the 'Sysop' group based on their being the "Application Owner" of the XYZ System as evidenced by the SAML group "cn=Application Owner,ou=XYZ,ou=Groups,dc=acme,dc=com", my understanding is that all I have to do is add the following line in my LocalSettings:

$wgSimpleSAMLphp_GroupMap = ['sysop' => ['isMemberOf' => ['cn=Application Owner,ou=XYZ,ou=Groups,dc=acme,dc=com']]];

However, this does not work and I don't understand why or how to debug it.

Could it be a problem that each group string contains commas as well? Please help.

  • MW:1.31.1
  • simplesamlphp (1.16.1)
  • Ext:SimpleSamlAuth: GIT-master (25f17ce) 10:39, 24 July 2018
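
The following is an added example, not part of the original post and not code from either extension. It evaluates a map shaped like the one above against the quoted "isMemberOf" values, assuming exact string comparison of whole attribute values; the helper name mapGroups and the sample arrays are hypothetical.

```php
<?php
// Added illustration: not code from Extension:SimpleSAMLphp or Extension:SimpleSamlAuth.
// Assumption: a map shaped like [group => [attribute => [values]]] is evaluated
// by exact comparison against each value of the named SAML attribute.

/** Hypothetical helper: return the wiki groups a set of SAML attributes maps to. */
function mapGroups(array $attributes, array $groupMap): array {
    $granted = [];
    foreach ($groupMap as $wikiGroup => $rules) {
        foreach ($rules as $attrName => $wanted) {
            // SAML attributes are multi-valued: each DN is one array element,
            // so commas inside a DN never split it.
            $values = $attributes[$attrName] ?? [];
            if (array_intersect($wanted, $values) !== []) {
                $granted[] = $wikiGroup;
                break;
            }
        }
    }
    return $granted;
}

// Sample attributes constructed from the values quoted in the post.
$attributes = ['isMemberOf' => [
    'cn=Active Staff, ou=Company, ou=groups, dc=acme,dc=com',
    'cn=Application Owner,ou=XYZ,ou=Groups,dc=acme,dc=com',
]];

$exact = ['sysop' => ['isMemberOf' => [
    'cn=Application Owner,ou=XYZ,ou=Groups,dc=acme,dc=com']]];
// Same DN with a space after each comma: a different string under exact comparison.
$spaced = ['sysop' => ['isMemberOf' => [
    'cn=Application Owner, ou=XYZ, ou=Groups, dc=acme, dc=com']]];
// A bare CN does not match, so a same-named group in another OU grants nothing.
$cnOnly = ['sysop' => ['isMemberOf' => ['cn=Application Owner']]];

foreach (['exact' => $exact, 'spaced' => $spaced, 'cnOnly' => $cnOnly] as $name => $map) {
    printf("%-7s => [%s]\n", $name, implode(', ', mapGroups($attributes, $map)));
}
```

Under that assumption only the first map yields sysop. Matching the full DN rather than a CN substring keeps a privileged wiki group from being granted by a same-named directory group in a different OU.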