- Issue created by @dave reid
- 🇳🇱 Netherlands roderik Amsterdam, NL / Budapest, HU
(Provided you have checked at least one of the "enable matching" checkboxes:)
If you want to link a SAML login to a pre-existing not-linked-yet Drupal account that has more roles than "authenticated"... then all those roles must be explicitly allowed here. (A Drupal account with at least one not-explicitly-allowed role cannot be linked, because it "is considered privileged". This "roles" option was added later as a security hardening.)
If you want to link a SAML login to a pre-existing not-linked-yet Drupal account that has only the authenticated user role, then that is automatically allowed. (Because that user is not 'privileged' in any way.)
Put differently: the reason "Authenticated user" is not explicitly listed is: it never makes sense to leave that unchecked -- the option is then useless because no not-linked-yet users can be linked at all (because all users have this role).
You're right that the UI description is... not ideal. Every time I see this option, I need to think hard about what exactly it means again, which proves that this needs improvement.
(Also: if your system regularly adds new roles, then accounts having those new roles cannot be linked until you add the role to this configuration option too -- see 💬 Design of map_users_roles setting is problematic Fixed)
- 🇸🇦 Saudi Arabia ishore
I've just installed samlauth and also came across this issue. We have hundreds of user roles and they're being created automatically. Having to check this module every day to tick any new roles would be very burdensome.
Our roles all come with the same privileges, so allowing linking for any role is what I'm looking for. Or perhaps negating the condition, allowing all roles to link except for those ticked.
- 🇳🇱 Netherlands roderik Amsterdam, NL / Budapest, HU
Please apply the patch in 💬 Design of map_users_roles setting is problematic Fixed. I'll look at that as unpaid time allows. (I'm slowly leaning toward applying something very close to it, though with improved UI and documentation.)
- Status changed to Closed: duplicate
about 1 year ago 3:14pm 15 September 2023
- 🇺🇸 United States dave reid Nebraska USA
Yeah, I think this is covered by 💬 Design of map_users_roles setting is problematic Fixed for us as well, that patch worked great to help regular authenticated users to be logged in.
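
The linking rule explained in this thread, and the negated variant suggested in it, modelled side by side as an added example. This is not samlauth's code and not written by any commenter; the function names and every role ID except Drupal's built-in "authenticated" are constructed for illustration.

```php
<?php
// Added illustration of the rule described in this thread; not samlauth's code.
// All role IDs except Drupal's built-in "authenticated" are constructed.

// Current design: every role other than "authenticated" must be explicitly allowed.
function can_link_allowlist(array $accountRoles, array $allowedRoles): bool {
  $needsApproval = array_diff($accountRoles, ['authenticated']);
  return count(array_diff($needsApproval, $allowedRoles)) === 0;
}

// Negated design suggested in the thread: link unless a ticked role is present.
function can_link_blocklist(array $accountRoles, array $blockedRoles): bool {
  return count(array_intersect($accountRoles, $blockedRoles)) === 0;
}

$allowed = ['editor'];          // ticked under the current design
$blocked = ['administrator'];   // ticked under the negated design

$accounts = [
  'plain user'        => ['authenticated'],
  'editor'            => ['authenticated', 'editor'],
  'administrator'     => ['authenticated', 'administrator'],
  // Roles created after the option was last saved:
  'auto-created role' => ['authenticated', 'dept_0421'],
  'new powerful role' => ['authenticated', 'site_manager'],
];

printf("%-18s %-10s %s\n", 'account', 'allowlist', 'blocklist');
foreach ($accounts as $label => $roles) {
  printf("%-18s %-10s %s\n", $label,
    can_link_allowlist($roles, $allowed) ? 'link' : 'refuse',
    can_link_blocklist($roles, $blocked) ? 'link' : 'refuse');
}
```

The last two rows are where the designs differ: the allow-list refuses any account carrying a role it has not been told about, while the negated form links such accounts until someone ticks the new role as blocked.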