SAML how do I map Administrator profile?

Pydio Cells
1

In the SAML trace role is confirmed as “pydio_admin”

image
image976×549 48.1 KB

In the mapping config I have (I have tried Administrator, administrator, and admin)

image
image1935×354 42.9 KB

Left attribute full value: http://schemas.microsoft.com/ws/2008/06/identity/claims/role

Considerations:

Without this mapping rule in place and testing with a user in the admin group (EntraID side), the sign-on and apps works fine and the user is given profile “Standard”.

With this mapping rule, sign-on works, but app gives unauthorized error. When checking the user account that is created it is missing a Profile value (thus no permissions are assigned). (A new user not in the admin group also works fine.)

I cannot find documentation that covers SAML mapping configuration for Pydio Cells. I currently have a time limited trial of Enterprise edition. Hopefully I can resolve this rather quickly.

2

After further review, the Mapping looks like it is actually working since the user card says “Administrator - 3 roles”. The problem, for whatever reason is that the “Profile” field is not getting populated. See screenshots below.

s1
s11133×451 18.2 KB

s2
s22004×1108 80.8 KB

3

Hello @erpadmin

Thanks for raising a question. This is an enterprise feature. We will contact you via ‘enterprise’ channel :wink:

4

Solution is:

Left Attribute: keep claims/role as is

Filter Rule: <blank>

Right Attribute: Profile

Custom Value: {{if eq (lower .LeftValue) “pydio_admin”}}admin{{else}}standard{{end}}

replace pydio_admin with your specific role claim value. the screenshots capture the information needed to assist