I've successfully set up Authentik as SAML provider and connected it to Wordpress. The login and logout works flawlessly, even transferring custom user attributes for first, last, and nick name.
However, I cannot figure out how to get groups working. In Authentik I have a group wordpress that is required to access the service at all. This group then has sub-groups such as wordpress-editor; these group names I have added to the plugin config. Furthermore, I have tried multiple ways of specifying the attribute mappings for roles: http://schemas.xmlsoap.org/claims/Group is what works for Nextcloud, I've tried groups and also ak_groups see here. User always end up only being subscribers. I've tried both with an without Multiple role values in one saml attribute value.
I've successfully set up Authentik as SAML provider and connected it to Wordpress. The login and logout works flawlessly, even transferring custom user attributes for first, last, and nick name.
However, I cannot figure out how to get groups working. In Authentik I have a group
wordpressthat is required to access the service at all. This group then has sub-groups such aswordpress-editor; these group names I have added to the plugin config. Furthermore, I have tried multiple ways of specifying the attribute mappings for roles:http://schemas.xmlsoap.org/claims/Groupis what works for Nextcloud, I've triedgroupsand alsoak_groupssee here. User always end up only being subscribers. I've tried both with an withoutMultiple role values in one saml attribute value.