We are using SAML to authenticate users in our Communities environment, but by default SAML creates the users in /home/users, whereas for communities we need them in /home/users/community.
Is there a way to change the path (via a config or a Java hook) to change where SAML saves these user accounts?
When the user is created in /home/users they cannot see other usernames of posters (only unknown user) because the ACL property for everyone to access the profile lives on the community folder. I could add this to the users folder too but this would seem like a security risk.
Tried making a workflow to move the node that runs on rep:User Created but it fails with the following error:
OakConstraint0063: Attempt to manually create or change a token node or it's parent.
You're right, SAML will always create the user under /home/users, irrespective of whether you're using communities or not. You'll have to extend the OOB SAML handler to create the node under communities vs /home/users. Be careful though: if you do customize it, then all users who authenticate through SAML will have their username created under the communities path.
We have configured SAML SSO for a published site in 6.2. In the SAML Authentication config, there is a setting "default groups" where we have given our custom group name. All users got added to this group.
Not sure how SAML is configured/set up in 6.3. Hope the above inputs help you in some way.
Do you know which handler it is? I can't find any docs on it. I tried extending SamlAuthenticationHandler (com.adobe.granite.auth.saml) and overriding createOrUpdateCRXUser but it doesn't seem to be firing.
Having everyone under communities would be exactly what I am looking for.