I wonder how to manage groups with SAML authentication.
As in the shared code, the initial group is set to Users. How can I use the user's own group in the IdP without setting the initial group?
I created the same groups in the Xibo groups tab.
Then I deleted the initial group from the SAML code sample and
added it to the mapping array like below, but it didn't work.
Normally I can add new users and let my users visit the CMS if I set the initial group to Users.
First you must add same-named roles to the Xibo user groups and set their page security permissions.
Then go to your Xibo hosting area and find lib/Middleware/SAMLAuthentication.php
Change lines #261 to #266 (Xibo CMS 1.8.9)
// Assign the initial group
if (isset($samlSettings['workflow']['group'])) {
    $group = $app->userGroupFactory->getByName($samlSettings['workflow']['group']);
} else {
    $group = $app->userGroupFactory->getByName('Users');
}
// Assign the same group which the IdP provides. First you must add the same groups from the Xibo dashboard.
if (isset($userData['group'])) {
    $group = $app->userGroupFactory->getByName($userData['group'][0]);
}
It's done. As I said before, you must add those groups which your users are already assigned at your IdP database. If not, you will get a group not found error. It was enough for me …
I am not a coder, so if someone can automate the first step that would be amazing.
Also remove the initial group setup from the settings php and add it under the mapping array, like this
The SAML integration we have doesn’t tackle group membership.
It’s intended that you use the Xibo UI to put the user in the correct groupings after first login (or after creating an account with the correct name ahead of time if you have JIT turned off).
Once the account is created, Xibo won’t change the groupings that the user is in, so whatever you set will stick.
Your code changes change that behaviour clearly, but that’s not what we intend.
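The modification posted earlier in the thread takes the group name straight from `$userData['group'][0]`, so whatever the IdP asserts decides the user's Xibo group. The following is an added example, not code from the thread or from Xibo: it restricts that choice to an allowlist and falls back to a default instead of failing with a group not found error. The function name, the allowlist and every group name other than `Users` are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Choose the local group name for a user from SAML attributes.
 * Hypothetical helper: $allowedGroups and $defaultGroup are assumptions,
 * not Xibo settings.
 */
function resolveGroupName(array $userData, array $allowedGroups, string $defaultGroup): string
{
    // The attribute may be absent, a single string, or a list of values.
    $claimed = $userData['group'] ?? [];
    if (!is_array($claimed)) {
        $claimed = [$claimed];
    }

    foreach ($claimed as $name) {
        if (!is_string($name)) {
            continue; // ignore malformed attribute values
        }
        $name = trim($name);
        // Exact, case-sensitive match against the allowlist only, so a
        // privileged group is never granted just because the IdP names it.
        if ($name !== '' && in_array($name, $allowedGroups, true)) {
            return $name;
        }
    }

    // Nothing usable from the IdP: use the default rather than abort the login.
    return $defaultGroup;
}

// Constructed sample data (group names other than "Users" are made up).
$allowed = ['Users', 'Content Managers'];
$samples = [
    'allowed group'     => ['group' => ['Content Managers']],
    'privileged group'  => ['group' => ['Administrators']],
    'second value ok'   => ['group' => ['Unknown', ' Users ']],
    'single string'     => ['group' => 'Content Managers'],
    'attribute missing' => ['mail' => ['user@example.com']],
    'empty list'        => ['group' => []],
];

foreach ($samples as $label => $userData) {
    printf("%-18s => %s\n", $label, resolveGroupName($userData, $allowed, 'Users'));
}
```

The returned name is what would be handed to `$app->userGroupFactory->getByName()` in place of `$userData['group'][0]`; groups on the allowlist still have to exist in Xibo beforehand.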