SAML2 - group mapping, giving access level

I’ve got a successful SAML2 integration on LibreNMS with socialiteproviders/saml2

In config.php:
$config['auth']['socialite']['register'] = true;
$config['auth']['socialite']['configs']['saml2']['metadata'] = 'FederationMetadata.xml';
$config['auth']['socialite']['configs']['saml2']['asc'] = 'https://adfs';
$config['auth']['socialite']['configs']['saml2']['listener'] = '\SocialiteProviders\Saml2\Saml2ExtendSocialite';
$config['auth']['socialite']['configs']['saml2']['entityid'] = 'https://who-to-trust';
$config['auth']['socialite']['configs']['saml2']['sp_acs'] = 'auth/saml2/callback';
$config['auth']['socialite']['configs']['saml2']['certificate'] = 'long certificate';

Everything works just fine. But a newly created user gets the Normal access level (you can see only blank forms with no data). But I need to differentiate users based on ADFS groups. I’ve tried attribute_map or ['group_strategy'] = "map", ['group_attr'] = "memberOf" and ['group_level_map'] = ['ADFS-Group-1' => 10, 'ADFS-Group-2' => 5] but… it doesn’t work. Maybe I’m digging in the wrong direction? How can I set the access level to at least 5 for newly created users with the saml2 plugin?
OR
Is there any way to set access level just via terminal for newly created users?

I have a PR here, "Add support for Okta Group claims to set User level" by peejaychilds (Pull Request #15020, librenms/librenms on GitHub), that would let you
lnms config:set auth.socialite.default_role global-read


I need this! Hope the PR can be merged soon.
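Added example, not from the thread and not LibreNMS or PR code: a sketch of the group-to-level mapping the question asks for, where unmatched groups fall back to the lowest level instead of granting access. The claim type URI, the function names and the level 1 default are assumptions; the group names and levels 10 and 5 come from the question.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumption: the IdP releases groups under this claim type (common for AD FS).
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"
# Map taken from the question; 1 is assumed to be the "Normal" level.
GROUP_LEVEL_MAP = {"ADFS-Group-1": 10, "ADFS-Group-2": 5}
DEFAULT_LEVEL = 1

# Constructed sample: the AttributeStatement of an assertion whose signature,
# issuer and audience have ALREADY been validated by the SAML library.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{SAML_NS}">
  <saml:Attribute Name="{GROUP_ATTR}">
    <saml:AttributeValue>ADFS-Group-2</saml:AttributeValue>
    <saml:AttributeValue>Some-Other-Group</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def groups_from_statement(xml_text, attr_name=GROUP_ATTR):
    """Return the set of group names carried in the named attribute."""
    root = ET.fromstring(xml_text)  # only ever fed validated assertions
    groups = set()
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") != attr_name:
            continue  # ignore every other claim, whatever it contains
        for value in attr.findall(f"{{{SAML_NS}}}AttributeValue"):
            if value.text and value.text.strip():
                groups.add(value.text.strip())
    return groups


def level_for(groups, level_map=GROUP_LEVEL_MAP, default=DEFAULT_LEVEL):
    """Highest level among exactly matching groups, else the default.

    Matching is exact and case-sensitive, so a look-alike group name
    never inherits a mapped level.
    """
    matched = [level_map[g] for g in groups if g in level_map]
    return max(matched, default=default)


def level_from_statement(xml_text):
    return level_for(groups_from_statement(xml_text))


if __name__ == "__main__":
    print(level_from_statement(SAMPLE))
```

Keeping the default at the lowest level means that a missing or renamed group claim fails closed for auto-registered users.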
