Groups not being added to new users


#1

I have implemented SSO in ASP.net MVC using the sample code on this site as a guide.

The SSO authentication feature works great, however my group membership is not working.

Here’s the relevant code:

string returnPayload = "nonce=" + Server.UrlEncode(nonce) +
                        "&email=" + Server.UrlEncode(email) +
                        "&external_id=" + Server.UrlEncode(externalId) +
                        "&username=" + Server.UrlEncode(username) +
                        "&bio=" + Server.UrlEncode(bio) +
                        "&avatar_url=" + Server.UrlEncode(avatar_url) +
                        "&name=" + Server.UrlEncode(name);

// process groups
if (CurrentUser.IsAdministrator)
{
    returnPayload += "&add_groups=admins,moderators,staff";
}
else if (CurrentUser.IsStaff)
{
    returnPayload += "&remove_groups=admins&add_groups=moderators,staff";
}

For us, Staff is similar to moderator and Admin is the highest privileged user. My goal is to remove any obsolete groups while adding appropriate groups.

When a user logs in, all the other attributes are set, but groups are not.

Am I removing and assigning groups correctly?

Is it possible to assign admin, moderator, and staff groups this way?

Thank you.


(Jay Pfaffman) #2

No. You can’t pass automatic groups in the SSO payload (see AND NOT automatic in the code below).

I think you’ll either need to make your own custom group, which I don’t think will do what you want, assign admin/moderator rights in Discourse by hand (easiest if you don’t have lots and they don’t change often), or use API calls to manage those.


#3

Thank you, Jay.

So that I’m 100% clear, any group other than a custom groups is considered an automatic group and cannot be assigned via the add_groups using SSO.

I found this list of automatic groups:

2017-07-31_07-22-51


(Sam Saffron) #4

Yes, this feature is only intended for custom non automatic groups.

If you need to flag a user as admin or moderator you would use the dedicated flags: