Hi bizt!
You touched on an interesting topic. Indeed, we had to slightly modify the code of the plugin. We designed a dedicated field, WPMember, in our IdP. This field stores a user’s group name. We also use the Members plugin, which allows creation of custom groups with dedicated permissions.
In wp-content/plugins/saml-20-single-sign-on/lib/classes/saml_client.php we modified the function update_role like this:
private function update_role()
{
    // Original group-to-role mapping from the plugin, disabled:
    /* $attrs = $this->saml->getAttributes();
    if(array_key_exists($this->settings->get_attribute('groups'), $attrs) )
    {
        if( in_array($this->settings->get_group('admin'),$attrs[$this->settings->get_attribute('groups')]) )
        {
            $role = 'administrator';
        }
        elseif( in_array($this->settings->get_group('editor'),$attrs[$this->settings->get_attribute('groups')]) )
        {
            $role = 'editor';
        }
        elseif( in_array($this->settings->get_group('author'),$attrs[$this->settings->get_attribute('groups')]) )
        {
            $role = 'author';
        }
        elseif( in_array($this->settings->get_group('contributor'),$attrs[$this->settings->get_attribute('groups')]) )
        {
            $role = 'contributor';
        }
        elseif( in_array($this->settings->get_group('subscriber'),$attrs[$this->settings->get_attribute('groups')]) )
        {
            $role = 'subscriber';
        }
        elseif( $this->settings->get_allow_unlisted_users() )
        {
            $role = 'subscriber';
        }
        else
        {
            $role = false;
        }
    }
    else
    {
        $role = false;
    }
    */

    $attrs = $this->saml->getAttributes();
    $groups_attr = $this->settings->get_attribute('groups');
    // Use the first value of the group attribute (WPMember in this setup) directly as the role name;
    // false when the attribute is missing, as in the original code.
    $role = isset($attrs[$groups_attr][0]) ? $attrs[$groups_attr][0] : false;
    // Look up the existing WordPress account by the username attribute.
    $user = get_user_by('login',$attrs[$this->settings->get_attribute('username')][0]);
    if($user)
    {
        $user->set_role($role);
    }
    return $role;
}
In the plugin config page we set WPMember as the field to use for determining the group. The rest of the settings page (Groups) is not used in our case.
Hope this helps.
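
An added example (not part of the post above or of the plugin's code): the modified update_role() hands whatever the IdP sends in WPMember to set_role(), so one way to constrain it is to accept only role slugs the site has approved for SSO. The helper name resolve_saml_role(), the allowed list and the sample attributes are assumptions made for illustration; unlike the post's code, it scans all values of the attribute rather than only the first.

```php
<?php
// Added example, not plugin code. resolve_saml_role() is a hypothetical helper.

/**
 * Return the role slug asserted by the IdP, or false when the assertion
 * carries no usable value or names a role not approved for SSO.
 *
 * @param array  $attrs         Attributes as returned by getAttributes(): name => list of values.
 * @param string $groups_attr   Name of the attribute holding the group (WPMember in the post).
 * @param array  $allowed_roles Role slugs that may be assigned through SSO.
 */
function resolve_saml_role(array $attrs, $groups_attr, array $allowed_roles)
{
    if (!isset($attrs[$groups_attr]) || !is_array($attrs[$groups_attr])) {
        return false; // attribute absent from the assertion
    }
    foreach ($attrs[$groups_attr] as $value) {
        if (!is_string($value)) {
            continue; // ignore anything that is not a plain string value
        }
        $slug = trim($value);
        // Strict comparison: only exact, pre-approved slugs are accepted.
        if (in_array($slug, $allowed_roles, true)) {
            return $slug;
        }
    }
    return false; // nothing in the assertion matched an approved role
}

// Constructed sample data for illustration; 'project_member' stands in for a custom group.
$allowed = array('subscriber', 'contributor', 'project_member'); // 'administrator' deliberately left out
$samples = array(
    'custom group'      => array('WPMember' => array('project_member')),
    'privileged value'  => array('WPMember' => array('administrator')),
    'missing attribute' => array('uid' => array('alice')),
    'empty value'       => array('WPMember' => array('')),
);
foreach ($samples as $label => $attrs) {
    $role = resolve_saml_role($attrs, 'WPMember', $allowed);
    printf("%-18s => %s\n", $label, $role === false ? 'rejected' : $role);
}
```

Inside update_role(), the returned value would replace the direct read of the attribute, with set_role() called only when the result is not false.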