Hi Marco,
If there is not enough documentation about that extension I would
suggest to go inside the extension (it seems not that large) and debug
its related code about group handling.
E.g. I'm looking at the Shibboleth#populateGroups() function and it
seems that it only accepts 'sysop' and 'bureaucrat', so you may need to
patch the extension for your need.
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbol…
Hoping to have given a starting point, but actually I can't play with
that ecosystem to give more support.
Good luck for now!
On Wed, 2019-09-18 at 13:46 +0200, Marco Malavolti wrote:
Hi to all,
I'm Marco Malavolti from GARR (Italian NREN) and I'm trying to use
Shibboleth extension for Mediawiki to set user's rights with groups.
https://www.mediawiki.org/wiki/Extension:Shibboleth
I have successfully configured the extension to enable the SSO and it
works, but I don't know why the following configuration doesn't set
privilegies/groups to logged users:
wfLoadExtension( 'Shibboleth' );
$wgShibboleth_Username = 'eppn';
$wgShibboleth_Email = 'mail';
$wgShibboleth_DisplayName = "cn";
$wgShibboleth_Logout_Base_Url = "https://sp.example.org";
$wgShibboleth_Logout_Target_Url = '/index.php/Pagina_principale';
$wgShibboleth_GroupMap = [ 'attr_name' => 'unscoped-affiliation',
'sysop' => 'member',
'bureaucrat' => 'member',
'interface-admin' => 'member',
];
'unscoped-affiliation' is the eduPersonAffiliation attribute. That
name
is what Shibboleth set by default.
I'm using the latest version of the extension provided here:
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbol…
Can you help me to understand how to provide group's permission to my
logged users, please?
Thank you so much for any help you can provide!
--
--------
[[User:Valerio Bozzolan]]
Bot developer in it.wiki, Commmons, Wikidata
Talk me about an interesting import!