When the Shibboleth login is enabled, roles roles are automatically applied to OpenOLAT users. The synchronisation mechanism only adds roles to users but never revokes them. The synchronisazion happens every time when a user logs in via Shibboleth.

Configuration

The granting of roles is configurable in olat.local.properties.

User

Every new user gets the user role.

Author

The role author is granted to a user if a Shibboleth attribute contains a certain term. The configuration has the following parameters.

• shibboleth.role.mapping.author.enable: Enable / Disable the automatic granting.
• shibboleth.role.mapping.author.shib: Name of the Shibboleth attribut which has to contain the term.
• shibboleth.role.mapping.author.contains: Term which has to appear in the Shibboleth attribute.

Example: Every user with the term "staff" in the Shibboleth attribute "Shib-mail" gets the author role.

shibboleth.role.mapping.author.enable=true
shibboleth.role.mapping.author.shib=Shib-mail
shibboleth.role.mapping.author.contains=staff