Hi to all,
I'm Marco Malavolti from GARR (Italian NREN) and I'm trying to use Shibboleth extension for Mediawiki to set user's rights with groups.
https://www.mediawiki.org/wiki/Extension:Shibboleth
I have successfully configured the extension to enable the SSO and it works, but I don't know why the following configuration doesn't set privilegies/groups to logged users:
wfLoadExtension( 'Shibboleth' );
$wgShibboleth_Username = 'eppn'; $wgShibboleth_Email = 'mail'; $wgShibboleth_DisplayName = "cn"; $wgShibboleth_Logout_Base_Url = "https://sp.example.org"; $wgShibboleth_Logout_Target_Url = '/index.php/Pagina_principale';
$wgShibboleth_GroupMap = [ 'attr_name' => 'unscoped-affiliation', 'sysop' => 'member', 'bureaucrat' => 'member', 'interface-admin' => 'member', ];
'unscoped-affiliation' is the eduPersonAffiliation attribute. That name is what Shibboleth set by default.
I'm using the latest version of the extension provided here:
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbole...
Can you help me to understand how to provide group's permission to my logged users, please?
Thank you so much for any help you can provide!
Hi Marco,
If there is not enough documentation about that extension I would suggest to go inside the extension (it seems not that large) and debug its related code about group handling.
E.g. I'm looking at the Shibboleth#populateGroups() function and it seems that it only accepts 'sysop' and 'bureaucrat', so you may need to patch the extension for your need.
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbole...
Hoping to have given a starting point, but actually I can't play with that ecosystem to give more support.
Good luck for now!
On Wed, 2019-09-18 at 13:46 +0200, Marco Malavolti wrote:
Hi to all,
I'm Marco Malavolti from GARR (Italian NREN) and I'm trying to use Shibboleth extension for Mediawiki to set user's rights with groups.
https://www.mediawiki.org/wiki/Extension:Shibboleth
I have successfully configured the extension to enable the SSO and it works, but I don't know why the following configuration doesn't set privilegies/groups to logged users:
wfLoadExtension( 'Shibboleth' );
$wgShibboleth_Username = 'eppn'; $wgShibboleth_Email = 'mail'; $wgShibboleth_DisplayName = "cn"; $wgShibboleth_Logout_Base_Url = "https://sp.example.org"; $wgShibboleth_Logout_Target_Url = '/index.php/Pagina_principale';
$wgShibboleth_GroupMap = [ 'attr_name' => 'unscoped-affiliation', 'sysop' => 'member', 'bureaucrat' => 'member', 'interface-admin' => 'member', ];
'unscoped-affiliation' is the eduPersonAffiliation attribute. That name is what Shibboleth set by default.
I'm using the latest version of the extension provided here:
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbole...
Can you help me to understand how to provide group's permission to my logged users, please?
Thank you so much for any help you can provide!
Hi Valerio and thank you for your help,
I'm not a PHP expert and I have tried to remove "interface-admin" and "bureaucrat" lines, but the rights/groups assignment doesn't work.
Are there someone that uses this extension with groups?
Thank you for all your help! Marco
Il 18/09/19 14:57, Valerio Bozzolan via MediaWiki-l ha scritto:
Hi Marco,
If there is not enough documentation about that extension I would suggest to go inside the extension (it seems not that large) and debug its related code about group handling.
E.g. I'm looking at the Shibboleth#populateGroups() function and it seems that it only accepts 'sysop' and 'bureaucrat', so you may need to patch the extension for your need.
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbole...
Hoping to have given a starting point, but actually I can't play with that ecosystem to give more support.
Good luck for now!
On Wed, 2019-09-18 at 13:46 +0200, Marco Malavolti wrote:
Hi to all,
I'm Marco Malavolti from GARR (Italian NREN) and I'm trying to use Shibboleth extension for Mediawiki to set user's rights with groups.
https://www.mediawiki.org/wiki/Extension:Shibboleth
I have successfully configured the extension to enable the SSO and it works, but I don't know why the following configuration doesn't set privilegies/groups to logged users:
wfLoadExtension( 'Shibboleth' );
$wgShibboleth_Username = 'eppn'; $wgShibboleth_Email = 'mail'; $wgShibboleth_DisplayName = "cn"; $wgShibboleth_Logout_Base_Url = "https://sp.example.org"; $wgShibboleth_Logout_Target_Url = '/index.php/Pagina_principale';
$wgShibboleth_GroupMap = [ 'attr_name' => 'unscoped-affiliation', 'sysop' => 'member', 'bureaucrat' => 'member', 'interface-admin' => 'member', ];
'unscoped-affiliation' is the eduPersonAffiliation attribute. That name is what Shibboleth set by default.
I'm using the latest version of the extension provided here:
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbole...
Can you help me to understand how to provide group's permission to my logged users, please?
Thank you so much for any help you can provide!
Hi to all,
Problem solved in the v1.1.1.
Thanks to Attila (the developer of the extension) and Davide Vaghetti we have correctly patched the extension and now it works.
Best regards to all! Marco
Il 18/09/19 13:46, Marco Malavolti ha scritto:
Hi to all,
I'm Marco Malavolti from GARR (Italian NREN) and I'm trying to use Shibboleth extension for Mediawiki to set user's rights with groups.
https://www.mediawiki.org/wiki/Extension:Shibboleth
I have successfully configured the extension to enable the SSO and it works, but I don't know why the following configuration doesn't set privilegies/groups to logged users:
wfLoadExtension( 'Shibboleth' );
$wgShibboleth_Username = 'eppn'; $wgShibboleth_Email = 'mail'; $wgShibboleth_DisplayName = "cn"; $wgShibboleth_Logout_Base_Url = "https://sp.example.org"; $wgShibboleth_Logout_Target_Url = '/index.php/Pagina_principale';
$wgShibboleth_GroupMap = [ 'attr_name' => 'unscoped-affiliation', 'sysop' => 'member', 'bureaucrat' => 'member', 'interface-admin' => 'member', ];
'unscoped-affiliation' is the eduPersonAffiliation attribute. That name is what Shibboleth set by default.
I'm using the latest version of the extension provided here:
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbole...
Can you help me to understand how to provide group's permission to my logged users, please?
Thank you so much for any help you can provide!
mediawiki-l@lists.wikimedia.org