| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
|
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
This will allow reporting to also list the number of SAML users on the
instance.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
- fix 'environment-variable' login problem with chrome browser
- problem: using nextcloud behind apache2 mod_auth_mellon, chrome browser gets too many redirects
- description: nc_sameSiteCookiestrict is not sent by chrome, because of the origin POST request by idp and the 3xx redirects on nextcloud side
|
|
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
Some IdPs send their SLO logout requests via POST. To handle
them we need to add an entry in the routing table.
Further, we need to hack around the issue, that php-saml only
handles GET by copying the request from $_POST to $_GET.
This solves #82.
Signed-off-by: Frieder Schrempf <frieder.schrempf@online.de>
|
|
Signed-off-by: Dylann Cordel <d.cordel@webu.coop>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
user search parity as with local users
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
* also take displayname and email into account
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
always create user in the SAML back-end and update the attributes
|
|
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
Reported at Transifex.
Signed-off-by: Mark Ziegler <mark.ziegler@rakekniven.de>
|
|
the user was found on another back-end during login
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Add sanity checks for user home directory
|
|
Add sabredav plugin to register environment auth for dav requests
|
|
When the mapped user home is not a fully qualified path name we'll fall
back to setting the mapped home below the server's datadirectory. This
provides consistent behavior with the "user_ldap" app which uses the same
fallback/safety mechanism.
Signed-off-by: Daniel Klaffenbach <daniel.klaffenbach@hrz.tu-chemnitz.de>
|
|
Signed-off-by: Daniel Klaffenbach <daniel.klaffenbach@hrz.tu-chemnitz.de>
|
|
improve error messages in case SAML is not configured properly
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
this was moved to core
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
messages in the log file
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
different IDPs are configured
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
If this server acts as a global scale master and the user is not
a local admin of the server we just create the user and continue
no need to update additional attributes.
But for local users, e.g. the admins of the global scale master
we should complete the user setup with all attributes
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
* The base route now has a function as well so it is not just some empty
route
* We now actually have an error page
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
configured parameter mapping
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
This is needed in the global scale setup to forward the user data
from the master node (where the login happens) to the client node
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
with global scale the authentication happens on the master node
and then the user is forward to the node they are located.
Therefore no user should be created on the master node after the
authentication at the idp was successful
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Signed-off-by: Jean-Baptiste PIN <jeanbaptiste@idruide.com>
|
|
Signed-off-by: Jean-Baptiste <jibet.pin@gmail.com>
|
|
authentication over environment variables has been chosen
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
