Artifactory: SAML SSO group matching not working

Question

We are using ADFS to allow users to log into Artifactory and basically it works fine. Problem is, that the group memberships aren\'t recognized. Can anyone tell me what the

Answer 1

Ran into the same thing and it took me a while to troubleshoot it. First of all, you have the SAML settings set up correctly. What you need to do is to create the group in artifactory with the exact ID as the one specified in your SAML. In your case you will have to create:

1. CN=some_group_the_user_is_in,OU=...
2. CN=my_artifactory_group,OU=..
3. CN=some_other_group,OU=...

I assume these are not the real names of your groups but I copied them verbatim from your question.

Then you'd need to give your groups the proper permissions to be able to browse the proper repositories. Word of caution, the SAML group association allows the users to browse Artifactory according to their permission. It does not allow them to use that association to access artifactory using a generated token as you would if you want to run a build from a developer machine rather than user the Artifactory password. The latter missing feature was promised to be delivered in Q4 2018 by their support. Here is the JIRA issue related to the missing feature.