[solved] Sso group map using header


Component | Version
--------- | -------
LibreNMS  | 1.69-67-g2a98076
DB Schema | 2020_11_02_164331_add_powerstate_enum_to_vminfo (191)
PHP       | 7.3.25
Python    | 3.6.8
MySQL     | 5.5.68-MariaDB
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2
OpenSSL   | 
[OK]    Composer Version: 2.0.7
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct
[WARN]  Your local git contains modified files, this could prevent automatic updates.
	You can fix this with ./scripts/github-remove
	Modified Files:

Trying to authenticate using group strategy.
I am able to auth with my provider when i enable group_strategy=static but when I enable group_strategy=map I don’t get access level 10 or Admin but a lower access level…not sure which access level number

$config['auth_mechanism']        = "sso";

$config['sso']['mode']           = "header";
$config['sso']['create_users'] = true;
$config['sso']['update_users'] = true;

#$config['sso']['user_attr'] = 'REMOTE_USER'; // not needed since user_attr is already REMOTE_USER 
$config['sso']['realname_attr'] = 'REMOTE_NAME';
$config['sso']['email_attr'] = 'REMOTE_EMAIL';
$config['sso']['group_attr'] = 'REMOTE_GROUPS';
$config['sso']['group_strategy'] = 'map';
$config['sso']['group_delimiter'] = ',';
$config['sso']['group_level_map'] = ['librenms-admins' => 10];

// works with below
$config['sso']['group_strategy'] = "static";
$config['sso']['static_level']   = 10;

Interestingly when I auth into librenms with strategy=static; level=10, and take a look at the /settings page where all the configure global settings appear, (because im granted Admin rights), I only see a few sso settings:

auth_mechanism sso
sso.create_users true
sso.update_users true
sso.user_attr REMOTE_USER

So not sure why I dont see the other sso settings as if they were not configured. Bug? But strategy=static, level=10 works fine…so i dont really understand where the disconnect is…

Any input is much appreciated.

Thank you,

OMG the solution was so simple… :pensive:

Use env instead worked like a charm!!

$config['sso']['mode']           = "env";