Topic on Extension talk:PluggableAuth

Group Mapping with SimpleSAMLphp & Azure AD

Gsmith1031 (talk | contribs)

Howdy. Is there an example of what the addOnlyGroups array should look like?

I have SimpleSAMLphp set up and working with Azure AD. I also have SSO working on MediaWiki using PluggableAuth and the SimpleSAMLphp plugin. However, I cannot get group mappings to work.

I have my MediaWiki debug logging turned on and can see the Azure group identity/claims/role GUIDs being returned; however, PluggableAuth keeps removing my user from groups they should be in. From the debug logs:

[PluggableAuth] Removing 'username@domain.com' from group 'sysop'


I'm wondering if I should be adding the addOnlyGroups array, but I can't figure out the syntax.

$wgPluggableAuth_Config['SSO Login'] = [
    'plugin' => 'SimpleSAMLphp',
    'data' => [
        'authSourceId' => 'default-sp',
        'emailAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
        'realNameAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
        'usernameAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
        'userinfoProviders' => [
            'username' => 'rawusername',
        ],
    ],
    'groupsyncs' => [
        [
            'type' => 'mapped',
            'map' => [
                'sysop' => [ 'groups' => 'azure group ID guids' ],
                'user'  => [ 'groups' => 'azure group ID guids' ]
            ],
            'addOnlyGroups' => [ 'sysop', 'user' ],
        ]
    ]
];
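
Added example, not part of the original post and not PluggableAuth's own code: a simplified Python model of a mapped group sync, showing how a map rule keyed on an attribute name that the SAML assertion does not carry produces a removal like the one in the log above, and what an add-only list changes. Assumptions: each rule is keyed by SAML attribute name, groups in the add-only list are never removed, and the claim URI and GUID are constructed sample values (the debug log shows the attribute name actually delivered).

```python
# Simplified model of a "mapped" group sync (an assumption, not PluggableAuth's code).
# Constructed sample data: the claim URI is the usual Azure AD groups claim name,
# the GUID is a placeholder.
AZURE_GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
ADMIN_GUID = "00000000-0000-0000-0000-00000000aaaa"


def rule_matches(rule, attributes):
    """True if any attribute named in the rule carries one of the wanted values."""
    for attr_name, wanted in rule.items():
        wanted = [wanted] if isinstance(wanted, str) else wanted
        if set(wanted) & set(attributes.get(attr_name, [])):
            return True
    return False


def sync_groups(current, attributes, group_map, add_only=()):
    """Return (new_groups, log) after applying the map to the user's wiki groups."""
    groups, log = set(current), []
    for wiki_group, rule in group_map.items():
        if rule_matches(rule, attributes):
            if wiki_group not in groups:
                groups.add(wiki_group)
                log.append(f"Adding to group '{wiki_group}'")
        elif wiki_group in groups and wiki_group not in add_only:
            # No matching claim and the group is not add-only: membership is revoked.
            groups.discard(wiki_group)
            log.append(f"Removing from group '{wiki_group}'")
    return groups, log


# Attributes as the IdP might deliver them: keyed by the full claim URI.
saml_attributes = {AZURE_GROUPS_CLAIM: [ADMIN_GUID]}

# Case 1: rule keyed on an attribute name the assertion does not contain.
short_key_map = {"sysop": {"groups": [ADMIN_GUID]}}
# Case 2: rule keyed on the attribute name that is actually delivered.
full_key_map = {"sysop": {AZURE_GROUPS_CLAIM: [ADMIN_GUID]}}

if __name__ == "__main__":
    print(sync_groups({"sysop"}, saml_attributes, short_key_map))
    print(sync_groups({"sysop"}, saml_attributes, short_key_map, add_only=["sysop"]))
    print(sync_groups(set(), saml_attributes, full_key_map))
```

In this model an add-only entry only suppresses removal: it never grants the group, and a user dropped from the IdP group keeps the wiki group until it is removed by hand, which matters for a privileged group such as sysop.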
