Greetings. Has anyone gotten SimpleSAMLphp/PluggableAuth and group mappings working?
I have SimpleSAMLphp set up and working with Azure AD. I also have SSO working on MediaWiki using PluggableAuth and the SimpleSAMLphp plugin. However, I cannot get group mappings to work.
I have my MediaWiki debug logging turned on and can see the Azure group identity/claims/role GUIDs being returned; however, PluggableAuth keeps removing my user from groups they should be in. In the debug logs:
[PluggableAuth] Removing 'username@domain.com' from group 'sysop'
I'm wondering if I should be adding the addOnlyGroups array, but I can't figure out the syntax.
$wgPluggableAuth_Config['SSO Login'] = [
    'plugin' => 'SimpleSAMLphp',
    'data' => [
        'authSourceId' => 'default-sp',
        'emailAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
        'realNameAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
        'usernameAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
        'userinfoProviders' => [
            'username' => 'rawusername',
        ],
    ],
    'groupsyncs' => [
        [
            'type' => 'mapped',
            'map' => [
                'sysop' => [ 'groups' => 'azure group ID guids' ],
                'user' => [ 'groups' => 'azure group ID guids' ]
            ],
            'addOnlyGroups' => [ 'sysop', 'user' ],
        ]
    ]
];