https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33538

--- Comment #1 from Brendan Lawlor <[email protected]> ---
At one point we had autocreate and sync both working for our use case, but
since some Koha upgrade, possibly 23.05, it stopped working the way that we
expected it to and we have had to turn off sync.

In our use case we are using SSO for library staff accounts. We had autocreate
set some default level of permissions so that staff could log in to the staff
interface and do some basic circ when they first logged in. Then we managed
elevating permissions in Koha.

We had sync turned on and our SAML so that we could update staff attributes
like branchcode and name in the IdP and the Koha account would update the next
time the staff logged in.

Originally the sync allowed for updating the user's attributes sent by SAML,
but allowed for the elevated permissions to be retained. We had to turn off
sync because Shibboleth started syncing the permission flags to the default and
all staff lost their permissions.

We don't store and send permission flags in our IdP, but to get this working
again without a patch we would have to do that.

I think Shibboleth's sync should only update attributes that are explicitly
passed from the SAML app, so that you could configure defaults for other fields
in autocreate. This is particularly useful for setting default permissions for
new staff.
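
An added illustration, not part of the comment above and not Koha's code: it
contrasts a sync that re-applies configured defaults on every login with one
that updates only the attributes the IdP actually sent, and returns the list of
changed fields for audit logging. MAPPING, the attribute names, the flag values
and all function names are hypothetical.

```python
# Hypothetical mapping: local field -> IdP attribute name and/or configured default.
MAPPING = {
    "userid":     {"attr": "uid"},
    "surname":    {"attr": "sn"},
    "branchcode": {"attr": "branch", "default": "MAIN"},
    "flags":      {"default": 2},  # default permissions; the IdP never sends these
}


def autocreate(assertion):
    """First login: take the asserted value, else fall back to the default."""
    account = {}
    for field, rule in MAPPING.items():
        value = assertion.get(rule.get("attr"))
        if value in (None, ""):
            value = rule.get("default")
        if value is not None:
            account[field] = value
    return account


def sync_overwriting(account, assertion):
    """Reported behaviour: defaults are re-applied, so local elevation is lost."""
    updated = dict(account)
    updated.update(autocreate(assertion))
    return updated


def sync_explicit_only(account, assertion):
    """Requested behaviour: touch only fields whose attribute was asserted."""
    updated, changed = dict(account), []
    for field, rule in MAPPING.items():
        value = assertion.get(rule.get("attr"))
        if value in (None, ""):
            continue  # not sent by the IdP: keep whatever is stored locally
        if value != account.get(field):
            updated[field] = value
            changed.append(field)
    return updated, changed


if __name__ == "__main__":
    # Constructed sample: created at first login, then elevated by a local admin.
    acct = autocreate({"uid": "jdoe", "sn": "Doe", "branch": "MAIN"})
    acct["flags"] = 4100  # constructed value standing in for elevated permissions
    later = {"uid": "jdoe", "sn": "Doe-Smith", "branch": "EAST"}
    print(sync_overwriting(acct, later))
    print(sync_explicit_only(acct, later))
```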
