Roles don't get applied (Authentik)

[DesertCookie]

I've successfully set up Authentik as SAML provider and connected it to Wordpress. The login and logout works flawlessly, even transferring custom user attributes for first, last, and nick name.

However, I cannot figure out how to get groups working. In Authentik I have a group wordpress that is required to access the service at all. This group then has sub-groups such as wordpress-editor; these group names I have added to the plugin config. Furthermore, I have tried multiple ways of specifying the attribute mappings for roles: http://schemas.xmlsoap.org/claims/Group is what works for Nextcloud, I've tried groups and also ak_groups see here. User always end up only being subscribers. I've tried both with an without Multiple role values in one saml attribute value.

[Subterrane]

The original author of this repo is now at https://github.com/SAML-Toolkits. We still need to transfer this repo to his organization.

[DesertCookie]

It doesn't make sense to open an issue there yet, though, right?

[Subterrane]

We got it moved, thanks!

[DesertCookie]

I've changed to using the SSO URL (IdP-initiated Login) from Authentik instead of the SSO URL (Post) one as the latter had issues with missing SAML payloads.

Groups still do not get applied in WordPress.