I am trying to integrate a federated authentication / single sign on with Sitecore using Identity Server 3. Please note that I am not using Azure Active Directory in any way.
I've been following these pages: http://blog.baslijten.com/enable-federated-authentication-and-configure-auth0-as-an-identity-provider-in-sitecore-9-0/
and
https://dhalgara.com/2018/05/01/sitecore-9-integrating-azure-ad-along-with-identity-server-3/
I believe I am close, as I'm able to get the login button to appear that takes me away to the Identity Server for authentication. I then enter a username/password, and it properly authenticates and redirects me back to the Sitecore login page with the following error:
You do not have access to the system. If you think this is wrong, please contact the system administrator.
I confirmed that I am authenticating and that when I go to the user management screen in Sitecore, I find some users with funny names that must have been created via the login process I mentioned. They are also not a part of any roles, which is why I suspect I can't log in.
Almost all the sites mention configuring this block of XML is key:
<transformation type="Sitecore.Owin.Authentication.Services.DefaultTransformation, Sitecore.Owin.Authentication">
  <sources hint="raw:AddSource">
    <claim name="x" value="y" />
  </sources>
  <targets hint="raw:AddTarget">
    <claim name="something here" value="Sitecore\Developer" />
  </targets>
  <keepSource>true</keepSource>
</transformation>
But what does this really mean? I inspected my JWT and I don't have any claims coming back such as "roles" or "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", but is that even necessary to assign a developer role to my user? What should be in the X/Y values above, and what should the value of "something here" be so that my user is made a Sitecore\Developer role (or some other role that I want)?
How can I ensure that when my user is signed in, I can put them as part of a particular group?
Thank you for your assistance.
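A filled-in version of that transformation block, added here as an example and not taken from the question or from the two linked posts. It follows the element layout of the Sitecore 9 `Sitecore.Owin.Authentication.Enabler.config.example` patch; the provider id `IdentityServer3`, the `shell`/`admin` site list, the `role=developer` claim that the identity provider is assumed to emit, and the choice of `Sitecore\Sitecore Client Users` as the baseline role are all assumptions. The `sources` are claims that must already be on the identity for the rule to fire; the `targets` are claims that get added when it does. Sitecore turns claims of type `http://schemas.microsoft.com/ws/2008/06/identity/claims/role` into role membership, so that claim type is what the target needs, and its value is the Sitecore role name.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example (not from the question or the linked posts). Assumed to be dropped into
     App_Config/Include/ on a Sitecore 9.0 instance where the OWIN identity provider named
     "IdentityServer3" is already registered in the owin.identityProviders pipeline.
     Claim names and values below are assumptions about what the IdP emits. -->
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/">
  <sitecore role:require="Standalone or ContentManagement">
    <federatedAuthentication type="Sitecore.Owin.Authentication.Configuration.FederatedAuthenticationConfiguration, Sitecore.Owin.Authentication">

      <!-- Which Sitecore sites show this provider's login button and how external users are created. -->
      <identityProvidersPerSites hint="list:AddIdentityProvidersPerSites">
        <mapEntry name="IdentityServer3 for the client" type="Sitecore.Owin.Authentication.Collections.IdentityProvidersPerSitesMapEntry, Sitecore.Owin.Authentication">
          <sites hint="list">
            <site>shell</site>
            <site>admin</site>
          </sites>
          <identityProviders hint="list:AddIdentityProvider">
            <identityProvider ref="federatedAuthentication/identityProviders/identityProvider[@id='IdentityServer3']" />
          </identityProviders>
          <externalUserBuilder type="Sitecore.Owin.Authentication.Services.DefaultExternalUserBuilder, Sitecore.Owin.Authentication">
            <param desc="isPersistentUser">true</param>
          </externalUserBuilder>
        </mapEntry>
      </identityProvidersPerSites>

      <identityProviders hint="list:AddIdentityProvider">
        <identityProvider id="IdentityServer3" type="Sitecore.Owin.Authentication.Configuration.DefaultIdentityProvider, Sitecore.Owin.Authentication">
          <param desc="name">$(id)</param>
          <param desc="domainManager" type="Sitecore.Abstractions.BaseDomainManager" resolve="true" />
          <caption>Sign in with Identity Server</caption>
          <domain>sitecore</domain>
          <transformations hint="list:AddTransformation">

            <!-- 1. Stamp every identity from this provider with an "idp" claim whose value is
                 the provider name, so later rules can be scoped to this provider only. -->
            <transformation name="set idp claim" ref="federatedAuthentication/sharedTransformations/setIdpClaim" />

            <!-- 2. Baseline: everyone who authenticated through THIS provider (source = the idp
                 claim from step 1) gets the role that lets them into the Sitecore client at all.
                 Without some role granting client access you get "You do not have access to the system". -->
            <transformation name="baseline client role" type="Sitecore.Owin.Authentication.Services.DefaultTransformation, Sitecore.Owin.Authentication">
              <sources hint="raw:AddSource">
                <claim name="idp" value="IdentityServer3" />
              </sources>
              <targets hint="raw:AddTarget">
                <claim name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" value="Sitecore\Sitecore Client Users" />
              </targets>
              <keepSource>true</keepSource>
            </transformation>

            <!-- 3. Conditional: only identities whose token carries role=developer (assumed IdP
                 claim) are also made Sitecore\Developer. The IdP, not the user, asserts this claim. -->
            <transformation name="developer role" type="Sitecore.Owin.Authentication.Services.DefaultTransformation, Sitecore.Owin.Authentication">
              <sources hint="raw:AddSource">
                <claim name="role" value="developer" />
              </sources>
              <targets hint="raw:AddTarget">
                <claim name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" value="Sitecore\Developer" />
              </targets>
              <keepSource>true</keepSource>
            </transformation>

          </transformations>
        </identityProvider>
      </identityProviders>

      <sharedTransformations hint="list:AddSharedTransformation">
        <setIdpClaim type="Sitecore.Owin.Authentication.Services.SetIdpClaimTransform, Sitecore.Owin.Authentication" />
      </sharedTransformations>

    </federatedAuthentication>
  </sitecore>
</configuration>
```

Two practical points. First, key the baseline rule on the `idp` claim rather than on something every identity has, otherwise any provider you add later silently grants client access too; the developer rule should likewise depend on a claim that only the Identity Server issues, so that a role is never granted on the strength of a claim the user could have supplied themselves. Second, if the JWT really carries no role claim at all (as described in the question), step 3 will never fire, and the place to fix that is the Identity Server client/scope configuration that decides which claims go into the token; once a `role` claim appears, log in again and check the external user's Roles tab in User Manager to confirm the mapping took effect.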