I believe there is one more setting in there somewhere .. it relates to what your consuming as the "role" attribute I believe.. cant remember off the top of my head.
In my case i'm using ePPA ------ thanks kevin.foote On Thu, 7 Apr 2011, Sarah Ryder wrote: -> -> Hi folks -> -> We're using Shibboleth authentication w/ DSpace 1.7.1 and we'd like to -> make it so that all of our users are added to a DSpace group when they -> login. Does anyone know if this is possible and how? -> -> I assumed that the following lines in dspace.cfg (see below) would allow -> for this, so I set: -> authentication.shib.default-roles = member -> authentication.shib.role.member = hampusers -> -> I already created the group called hampusers, but no users are added to -> the group when they login. I picked the word member to use for the role, -> but I picked that out of thin air just assuming that it could be any word. -> -> I also don't see anything regarding roles in the dspace log when users -> authenticate. -> -> Any insight or help would be much appreciated. Thanks! -> -> # when user is fully authN on IdP but would not like to release -> # his/her roles to DSpace (for privacy reason?), what should be -> # the default roles be given to such users? -> # The values are separated by semi-colon or comma -> # authentication.shib.default-roles = Staff, Walk-ins -> authentication.shib.default-roles = member -> -> # The following mappings specify role mapping between IdP and Dspace. -> # the left side of the entry is IdP's role (prefixed with -> # "authentication.shib.role.") which will be mapped to -> # the right entry from DSpace. DSpace's group as indicated on the -> # right entry has to EXIST in DSpace, otherwise user will be identified -> # as 'anonymous'. Multiple values on the right entry should be separated -> # by comma. The values are CASE-Sensitive. Heuristic one-to-one mapping -> # will be done when the IdP groups entry are not listed below (i.e. -> # if "X" group in IdP is not specified here, then it will be mapped -> # to "X" group in DSpace if it exists, otherwise it will be mapped -> # to simply 'anonymous') -> # -> # Given sufficient demand, future release could support regex for the -> mapping -> # special characters need to be escaped by \ -> #authentication.shib.role.Senior\ Researcher = Researcher, Staff -> #authentication.shib.role.Librarian = Administrator -> authentication.shib.role.member = hampusers -> -> -> -Sarah Ryder -> Web Development -> Hampshire College -> 413.559.5477 -> -> ------------------------------------------------------------------------------ -> Xperia(TM) PLAY -> It's a major breakthrough. An authentic gaming -> smartphone on the nation's most reliable network. -> And it wants your games. -> http://p.sf.net/sfu/verizon-sfdev -> _______________________________________________ -> DSpace-tech mailing list -> [email protected] -> https://lists.sourceforge.net/lists/listinfo/dspace-tech -> ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
