user's group membership is not updated when it is changed on idp side.

[alexskr]

It appears that user's group membership is not updated when membership gets updated on the Idp side. Once user's first login is completed the group membership remain permanent regardless if it changed on the idp side unless that user is manually purged from the users.saml.php file.

[thijskh]

This is just from reading the code: I guess this might happen because modGroups is not defined as a "canDo": https://github.com/pitbulk/dokuwiki-saml/blob/master/authsaml/saml.php#L240-L244

This (and other relevant mod* flags) can probably be added at https://github.com/pitbulk/dokuwiki-saml/blob/master/authsaml/auth.php#L40

Does that change things for you? I do not have a representative environment anymore, so if this doesn't help I think you might need to do some further debugging yourself.

[thijskh]

Did you get any further with this?

[alexskr]

adding $this->cando['modGroups'] = true; to auth.php doesn't make a difference.

It also seems like other attributes like name and email address are not updated if those values are changed on Idp side. I am able to modify them with the update profile feature on the wiki if I set cando[modName] but I would rather pull updates from the Idp.

[pv2b]

I think this issue should be solved by now, if not by PR #10 from before then also by #19 and 20.