I am trying to configure a Discourse forum to use UCS for SSO. There are Discourse plugins for LDAP, SAML and OpenID-Connect.
First I tried LDAP, but the Discourse plugin does not support synchronization of group membership.
Therefore I configured SAML, which supports memberOf on the Discourse side. For the UCS side I added saml/idp/ldap/get_attributes and as an additional LDAP attribute of the identity provider. It shows up in /etc/simplesamlphp/metadata.d/https\:__forum....., but not in <saml:AttributeStatement> which is written to ucr set saml/idp/log/debug/enabled=true and ucr set saml/idp/log/level=DEBUG.
I found this thread which seems to solve a similar problem, but don’t understand how to apply this to my problem: UCS als SAML Identity Provider für AWS IAM
I did not try OpenID-Connect yet, but according to Modern Authentication and Authorization (SAML, OIDC, Oauth..) memberOf is not possible. Is this still true?
Thanks for your help!
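A way to check which attributes an IdP actually released, as an added example that is not part of the original post: it parses a SAML response copied from your own IdP debug output and reports whether memberOf is absent or present but empty. The sample XML, user name and group DNs are constructed, and the script only inspects the attribute statement; it does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample data (not from a real IdP): user and group DNs are invented.
_TEMPLATE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    "<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
    "</saml:Assertion></samlp:Response>"
)
_UID = '<saml:Attribute Name="uid"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>'
_GROUPS = (
    '<saml:Attribute Name="memberOf">'
    "<saml:AttributeValue>cn=forum-users,cn=groups,dc=example,dc=org</saml:AttributeValue>"
    "<saml:AttributeValue>cn=forum-mods,cn=groups,dc=example,dc=org</saml:AttributeValue>"
    "</saml:Attribute>"
)
SAMPLE_OK = _TEMPLATE.format(attrs=_UID + _GROUPS)
SAMPLE_MISSING = _TEMPLATE.format(attrs=_UID)  # attribute not released at all
SAMPLE_EMPTY = _TEMPLATE.format(attrs=_UID + '<saml:Attribute Name="memberOf"/>')


def released_attributes(xml_text):
    """Return {attribute Name: [values]} over every AttributeStatement in the XML."""
    root = ET.fromstring(xml_text)
    released = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        # The same Name may appear more than once; merge the values.
        released.setdefault(attr.get("Name"), []).extend(values)
    return released


def missing_attributes(xml_text, expected=("memberOf",)):
    """Names from `expected` that are absent or carry no value in the assertion."""
    released = released_attributes(xml_text)
    return [name for name in expected if not released.get(name)]


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING), ("empty", SAMPLE_EMPTY)):
        print(label, released_attributes(sample), "missing:", missing_attributes(sample))
```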