Hi Valerio and thank you for your help,
I'm not a PHP expert and I have tried to remove "interface-admin" and "bureaucrat" lines, but the rights/groups assignment doesn't work.
Are there someone that uses this extension with groups?
Thank you for all your help! Marco
Il 18/09/19 14:57, Valerio Bozzolan via MediaWiki-l ha scritto:
Hi Marco,
If there is not enough documentation about that extension I would suggest to go inside the extension (it seems not that large) and debug its related code about group handling.
E.g. I'm looking at the Shibboleth#populateGroups() function and it seems that it only accepts 'sysop' and 'bureaucrat', so you may need to patch the extension for your need.
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbole...
Hoping to have given a starting point, but actually I can't play with that ecosystem to give more support.
Good luck for now!
On Wed, 2019-09-18 at 13:46 +0200, Marco Malavolti wrote:
Hi to all,
I'm Marco Malavolti from GARR (Italian NREN) and I'm trying to use Shibboleth extension for Mediawiki to set user's rights with groups.
https://www.mediawiki.org/wiki/Extension:Shibboleth
I have successfully configured the extension to enable the SSO and it works, but I don't know why the following configuration doesn't set privilegies/groups to logged users:
wfLoadExtension( 'Shibboleth' );
$wgShibboleth_Username = 'eppn'; $wgShibboleth_Email = 'mail'; $wgShibboleth_DisplayName = "cn"; $wgShibboleth_Logout_Base_Url = "https://sp.example.org"; $wgShibboleth_Logout_Target_Url = '/index.php/Pagina_principale';
$wgShibboleth_GroupMap = [ 'attr_name' => 'unscoped-affiliation', 'sysop' => 'member', 'bureaucrat' => 'member', 'interface-admin' => 'member', ];
'unscoped-affiliation' is the eduPersonAffiliation attribute. That name is what Shibboleth set by default.
I'm using the latest version of the extension provided here:
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbole...
Can you help me to understand how to provide group's permission to my logged users, please?
Thank you so much for any help you can provide!