SAML2 - group mapping, giving access level

I’ve got a successful SAML2 integration on LibreNMS with socialiteproviders/saml2

In cofig.php:
$config[‘auth’][‘socialite’][‘register’] = true;
$config[‘auth’][‘socialite’][‘configs’][‘saml2’][‘metadata’] = ‘FederationMetadata.xml’;
$config[‘auth’][‘socialite’][‘configs’][‘saml2’][‘asc’] = ‘https://adfs’;
$config[‘auth’][‘socialite’][‘configs’][‘saml2’][‘listener’] = ‘\SocialiteProviders\Saml2\Saml2ExtendSocialite’;
$config[‘auth’][‘socialite’][‘configs’][‘saml2’][‘entityid’] = ‘https://who-to-trust’;
$config[‘auth’][‘socialite’][‘configs’][‘saml2’][‘sp_acs’] = ‘auth/saml2/callback’;
$config[‘auth’][‘socialite’][‘configs’][‘saml2’][‘certificate’] = ‘long certificate’

Everything works just fine. But newly created user used a Normal access level (you can see only blank forms with no data). But I need to differentiate users based on adfs groups. I’ve tried attribute_map or
[‘group_strategy’] = “map”, [‘group_attr’] = “memberOf” and [‘group_level_map’] = [‘ADFS-Group-1’ => 10, ‘ADFS-Group-2’ => 5] but… It doesn’t work. Maybe I’m digging in the wrong direction? How can I set access level at least on 5 for newly created users for saml2 plugin?
Is there any way to set access level just via terminal for newly created users?

I have a PR here Add support for Okta Group claims to set User level by peejaychilds · Pull Request #15020 · librenms/librenms · GitHub that would let you
lnms config:set auth.socialite.default_role global-read

1 Like

I need this! Hope the PR can be merge soon.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.