Role Mapping not working as expected

  • Resolved parleer

    (@parleer)


    7 years, 10 months ago

    We are a paying customer. Here’s the problem we’re experiencing:

    1. User logs in, assigned to Subscriber role.

    2. We manually update them to SiteManager (a customer role)

    3. User logs in again, the SiteManager role is removed, and they are re-assigned to Subscriber role.

    How can we prevent this behavior? We are NOT using Attribute/Role Mapping feature. We want any LDAP user to be able to login and access content on our site. But we want to manually control who is being given SiteManager role.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author miniOrange

    (@cyberlord92)

    Hi parleer,

    You need to assign a default role and also set the option so that role does not get updated for existing users. Please find the answers to the questions you posed:

    1. User logs in, assigned to Subscriber role.
    >>> The default role must be Subscriber in the Role Mapping section. Change it to SiteManager so that new user will get the SiteManager as the default role.

    2. We manually update them to SiteManager (a customer role)
    3. User logs in again, the SiteManager role is removed, and they are re-assigned to Subscriber role.

    >>> Select the checkbox Do not update existing user’s roles. so that existing user’s role does not get updated. When you will provide a role manually to the users, it will remain same when user will login through SSO.

    Let us know if you have any questions.

    Thanks,
    miniOrange Team

    Thread Starter parleer

    (@parleer)

    miniOrange,

    Unfortunately, your suggestions will not work. I should have expanded the description of my scenario. I have about 40,000 users, any of which can and should be able to login to my WordPress application. By authenticating via SAML, I know that they are my user and should be given Subscriber access. A few of these users, however, I want to promote to SiteManager. However, when these promoted users re-login to the WordPress application, they are once again given Subscriber.

    I do not see an option for Do not update existing users's roles, as you suggest.

    Instead, I have only the following two options:

    • Do not auto create users if roles are not mapped here.
    • Do not assign role to unlisted users.

    Neither of these options work because a) I want SAML users to login, even if they haven’t already created an account, and b) I want those SAML users to be assigned the Subscriber role by default.

    The missing Do not update existing user's roles option seems like it might work for me, but it simply doesn’t exist.

    I’m using the latest WordPress 4.7.4 and the plugin I’m using identifies itself as *miniOrange SSO using SAML 2.0*, Version 11.1.3 by miniOrange. And WordPress reports that no update is available.

    I wanted to make sure that I was running the latest version, so I went to the “Add Plugin” screen within WordPress and searched for “miniOrange”. The results show a similarly named plugin “SAML Single Sign On by miniOrange”. WordPress shows that this is the plugin I have installed because the “Install Now” button is missing and in it’s place is a grayed “Active” button showing that the plugin is already installed and active on my site. Oddly, the “More Details” link directs to https://www.ads-software.com/plugins/miniorange-saml-20-single-sign-on/, which identifies the plugin as Version 4.8.23.

    Is something messed up with the version numbers that prevents my plugin from updating?

    Did you guys change the name of your plugin?

    Thanks,
    Ryan

    • This reply was modified 7 years, 10 months ago by parleer.
    • This reply was modified 7 years, 10 months ago by parleer.
    • This reply was modified 7 years, 10 months ago by parleer.
    Thread Starter parleer

    (@parleer)

    miniOrange,

    Your SSO plugin for WordPress is a bit buggy. I was finally able to resolve all issues by logging in to https://auth.miniorange.com/moas/ and re-downloading the plugin.

    Why didn’t it automatically detect an update?

    When the plugin installed, it identified itself as Version 11.1.9 and I now see the option Do not update existing user's roles..

    This was a frustrating experience for several reasons:

    1. Upon full restoration of the site (plugin and database), your plugin automatically deactivated itself and lost it’s configuration. Fortunately, I had all settings documented so was able re-enter everything, including the Name/Attribute mapping and X509 certificate.

    2. The plugin did not notify me in any way that an update was available.

    3. Upon installing the plugin, I was asked to “Register”, but was never given an opportunity to “Login”. It was confusing and appeared to create a new account.

    4. After “Registration”, I was prompted to enter a license key. However, despite displaying a message that my license key was accepted, the plugin continued to prompt me to enter my key, and never allowed me to configure the plugin.

    5. After several attempts above, I finally uninstalled and reinstalled, re-“Registered”, and this time rather than create a rogue account, it apparently successfully linked to my existing account, after which, it accepted my license key and allowed me to configure the plugin.

    Very frustrating. I sincerely hope that someone addresses these very real issues.

    Thank you,
    Ryan

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Role Mapping not working as expected’ is closed to new replies.