Howdy. Is there an example of what the addOnlyGroups array should look like?
I have SimpleSAMLPHP setup and working with azure AD. I also have sso working on mediawiki using PluggableAuth and the SimpleSAMLPHP plugin. However, I cannot get group mappings to work.
I have my mediawiki debug logging turned on and can see the Azure group identity/claims/role guids being returned to, however, Pluggable auth keeps removing my user from groups they should be in, in the debug logs:
[PluggableAuth] Removing 'username@domain.com' from group 'sysop'
I'm wondering if I should adding the addOnlyGroups array, but I can't figure out the syntax.
$wgPluggableAuth_Config['SSO Login'] = [
'plugin' => 'SimpleSAMLphp',
'data' => [
'authSourceId' => 'default-sp',
'emailAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
'realNameAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
'usernameAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
'userinfoProviders' => [
'username' => 'rawusername',
],
],
'groupsyncs' => [
[
'type' => 'mapped',
'map' => [
'sysop' => [ 'groups' => 'azure group ID guids' ],
'user' => [ 'groups' => 'azure group ID guids' ]
],
'addOnlyGroups' => [ 'sysop', 'user' ],
]
]
];