Groups not being added to new users

I have implemented SSO in ASP.net MVC using the sample code on this site as a guide.

The SSO authentication feature works great, however my group membership is not working.

Here’s the relevant code:

string returnPayload = "nonce=" + Server.UrlEncode(nonce) +
                        "&email=" + Server.UrlEncode(email) +
                        "&external_id=" + Server.UrlEncode(externalId) +
                        "&username=" + Server.UrlEncode(username) +
                        "&bio=" + Server.UrlEncode(bio) +
                        "&avatar_url=" + Server.UrlEncode(avatar_url) +
                        "&name=" + Server.UrlEncode(name);

// process groups
if (CurrentUser.IsAdministrator)
{
    returnPayload += "&add_groups=admins,moderators,staff";
}
else if (CurrentUser.IsStaff)
{
    returnPayload += "&remove_groups=admins&add_groups=moderators,staff";
}

For us, Staff is similar to moderator and Admin is the highest privileged user. My goal is to remove any obsolete groups while adding appropriate groups.

When a user logs in, all the other attributes are set, but groups are not.

Am I removing and assigning groups correctly?

Is it possible to assign admin, moderator, and staff groups this way?

Thank you.

No. You can’t pass automatic groups in the SSO payload (see AND NOT automatic in the code below).

https://github.com/discourse/discourse/blob/master/app/models/discourse_single_sign_on.rb#L113

I think you’ll either need to make your own custom group, which I don’t think will do what you want, assign admin/moderator rights in Discourse by hand (easiest if you don’t have lots and they don’t change often), or use API calls to manage those.

3 Likes

Thank you, Jay.

So that I’m 100% clear, any group other than a custom groups is considered an automatic group and cannot be assigned via the add_groups using SSO.

I found this list of automatic groups:

2017-07-31_07-22-51

1 Like

Yes, this feature is only intended for custom non automatic groups.

If you need to flag a user as admin or moderator you would use the dedicated flags:

https://github.com/discourse/discourse/blob/5012d46cbd3bcf79b7351f7d2d41003496a796c5/spec/models/discourse_single_sign_on_spec.rb#L102-L122

3 Likes