Hi Valerio and thank you for your help,
I'm not a PHP expert and I have tried to remove "interface-admin" and
"bureaucrat" lines, but the rights/groups assignment doesn't work.
Are there someone that uses this extension with groups?
Thank you for all your help!
Marco
Il 18/09/19 14:57, Valerio Bozzolan via MediaWiki-l ha scritto:
Hi Marco,
If there is not enough documentation about that extension I would
suggest to go inside the extension (it seems not that large) and debug
its related code about group handling.
E.g. I'm looking at the Shibboleth#populateGroups() function and it
seems that it only accepts 'sysop' and 'bureaucrat', so you may need to
patch the extension for your need.
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbol…
Hoping to have given a starting point, but actually I can't play with
that ecosystem to give more support.
Good luck for now!
On Wed, 2019-09-18 at 13:46 +0200, Marco Malavolti wrote:
> Hi to all,
>
> I'm Marco Malavolti from GARR (Italian NREN) and I'm trying to use
> Shibboleth extension for Mediawiki to set user's rights with groups.
>
>
https://www.mediawiki.org/wiki/Extension:Shibboleth
>
> I have successfully configured the extension to enable the SSO and it
> works, but I don't know why the following configuration doesn't set
> privilegies/groups to logged users:
>
> wfLoadExtension( 'Shibboleth' );
>
> $wgShibboleth_Username = 'eppn';
> $wgShibboleth_Email = 'mail';
> $wgShibboleth_DisplayName = "cn";
> $wgShibboleth_Logout_Base_Url = "https://sp.example.org";
> $wgShibboleth_Logout_Target_Url = '/index.php/Pagina_principale';
>
> $wgShibboleth_GroupMap = [ 'attr_name' => 'unscoped-affiliation',
> 'sysop' => 'member',
> 'bureaucrat' => 'member',
> 'interface-admin' => 'member',
> ];
>
> 'unscoped-affiliation' is the eduPersonAffiliation attribute. That
> name
> is what Shibboleth set by default.
>
> I'm using the latest version of the extension provided here:
>
>
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Shibbol…
>
>
> Can you help me to understand how to provide group's permission to my
> logged users, please?
>
> Thank you so much for any help you can provide!
>
>
--
Marco Malavolti
Consortium GARR - Servizio IDEM GARR AAI
Via dei Tizii, 6 - I-00185 (ROMA)
CF: 97284570583 - PI:07577141000
Tel.: 02 6448 2507
Skype: marco.mala
PGP KEY: