JumpCloud SSO with multiple groups not working

When logging into the pritunl server using JumpCloud SSO the redirect from auth.pritunl.com only contains one group despite a user having multiple groups. In practice, what we’re seeing:

The POST request to
https://auth.pritunl.com/v1/callback/saml contains several groups:

...
    <saml2:AttributeStatement>
      <saml2:Attribute Name="groups"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:type="xsd:string">Group1</saml2:AttributeValue>
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:type="xsd:string">Group2</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
...

The response (with redirect), only contains one of the groups:

https://<host>/sso/callback?state=REDACTED&username=REDACTED&email=&org=&secondary=&groups=Group1&roles=&sig=REDACTED

This should be fixed now.

Looks good, thanks @zach!