<?php
/**
 * Admin settings template of the user_saml app.
 *
 * @var array $_ template parameters read throughout this file
 */

// Register the app's "admin" script and stylesheet for this page.
script('user_saml', 'admin');
style('user_saml', 'admin');
?>

<?php /* Settings form. action="#" sets no server-side target; data-type exposes $_['type'] to the page (presumably read by the admin script: confirm). The form is closed at the end of this template. */ ?>
<form id="user-saml" class="section" action="#" method="post" data-type="<?php p($_['type']) ?>">
	<h2 class="inlineblock"><?php p($l->t('SSO & SAML authentication')); ?></h2>
	<?php /* External documentation link, opened in a new tab; rel="noreferrer" keeps the referrer from being sent to that host. */ ?>
	<a target="_blank" rel="noreferrer" class="icon-info"
	   title="<?php p($l->t('Open documentation'));?>"
	   href="https://portal.nextcloud.com/article/configuring-single-sign-on-10.html"></a>

	<?php /* Hidden via the inline style until something makes it visible. */ ?>
	<div id="user-saml-save-indicator" class="msg success inlineblock" style="display: none;"><?php p($l->t('Saved')); ?></div>

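<div class="warning hidden" id="user-saml-warning-admin-user">
	<?php
	// Absolute URL of the login form with ?direct=1 appended. It is passed
	// through sanitizeHTML() once and the escaped value is used for BOTH the
	// href attribute and the link text: the finished markup is emitted with
	// print_unescaped() below, so nothing escapes it later.
	$directLoginUrl = \OCP\Util::sanitizeHTML(
		\OC::$server->getURLGenerator()->linkToRouteAbsolute('core.login.showLoginForm') . '?direct=1'
	);
	$url = '<a href="' . $directLoginUrl . '">' . $directLoginUrl . '</a>';

	// Every %s argument is escaped before substitution; only the translated
	// sentence itself reaches the page unescaped.
	if (isset($_['general']['allow_multiple_user_back_ends']['text'])) {
		// Variant that also names the "allow multiple user back-ends" option.
		print_unescaped(
			$l->t(
				'Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account will not be possible anymore, unless you enabled "%s" or you go directly to the URL %s.',
				[
					\OCP\Util::sanitizeHTML($theme->getEntity()),
					\OCP\Util::sanitizeHTML($_['general']['allow_multiple_user_back_ends']['text']),
					$url,
				]
			)
		);
	} else {
		print_unescaped(
			$l->t(
				'Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular %s account will not be possible anymore, unless you go directly to the URL %s.',
				[
					\OCP\Util::sanitizeHTML($theme->getEntity()),
					$url,
				]
			)
		);
	}
	?>
</div>
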
<?php /* Mode chooser: built-in SAML or environment-variable authentication. NOTE(review): both buttons sit inside the form without a type attribute, so they default to type="submit"; presumably the admin script intercepts the click (confirm). */ ?>
<div id="user-saml-choose-type" class="hidden">
	<?php p($l->t('Please choose whether you want to authenticate using the SAML provider built-in in Nextcloud or whether you want to authenticate against an environment variable.')) ?>
	<br/>
	<button id="user-saml-choose-saml"><?php p($l->t('Use built-in SAML authentication')) ?></button>
	<button id="user-saml-choose-env"><?php p($l->t('Use environment variable')) ?></button>
</div>
<div id="user-saml-global" class="hidden">
	<h3><?php p($l->t('Global settings')) ?></h3>
	<?php /* Renders only the entries of $_['general'] that carry the 'global' flag; checkbox and text-line entries get different markup. All values are printed through p(). */ ?>
	<?php foreach ($_['general'] as $settingKey => $setting) { ?>
		<?php if ($setting['type'] === 'checkbox' && $setting['global']) { ?>
			<p>
				<input type="checkbox" data-key="<?php p($settingKey)?>" id="user-saml-general-<?php p($settingKey)?>" name="<?php p($settingKey)?>" value="<?php p($setting['value'] ?? '0') ?>">
				<label for="user-saml-general-<?php p($settingKey)?>"><?php p($setting['text']) ?></label><br/>
			</p>
		<?php } elseif ($setting['type'] === 'line' && isset($setting['global'])) { ?>
			<p>
				<input data-key="<?php p($settingKey)?>" name="<?php p($settingKey) ?>" value="<?php p($setting['value'] ?? '') ?>" type="text" <?php if (isset($setting['required']) && $setting['required'] === true) { ?>class="required"<?php } ?> placeholder="<?php p($setting['text']) ?>"/>
			</p>
		<?php } ?>
	<?php } ?>
</div>
<?php /* One list entry per configured identity provider (id and name are escaped by p()), followed by the remove and add controls. */ ?>
<ul class="account-list hidden">
	<?php foreach ($_['providers'] as $idp) : ?>
		<li data-id="<?php p($idp['id']); ?>">
			<a href="#"><?php p($idp['name']); ?></a>
		</li>
	<?php endforeach; ?>
	<li class="remove-provider"><a data-js="remove-idp" class="icon-delete"><span class="hidden-visually"><?php p($l->t('Remove identity provider')); ?></span></a></li>
	<li class="add-provider"><a href="#" class="button"><span class="icon-add"></span> <?php p($l->t('Add identity provider')); ?></a></li>
</ul>
<?php /* Container for the per-provider settings; it is closed near the end of this template, just before the closing form tag. */ ?>
<div id="user-saml-settings" class="hidden">

	<div id="user-saml-general" class="hidden">
		<h3>
			<?php p($l->t('General')) ?>
		</h3>
		<?php /* Non-global entries of $_['general']; stored values come from $_['config'] under the 'general-' prefix. NOTE(review): the checkbox branch reads $entry['global'] directly while the line branch uses isset(), so presumably every checkbox entry defines that key (confirm). */ ?>
		<?php foreach ($_['general'] as $entryKey => $entry) { ?>
			<?php if ($entry['type'] === 'checkbox' && !$entry['global']) { ?>
				<p>
					<input type="checkbox" data-key="<?php p($entryKey)?>" id="user-saml-general-<?php p($entryKey)?>" name="<?php p($entryKey)?>" value="<?php p($_['config']['general-' . $entryKey] ?? '0') ?>">
					<label for="user-saml-general-<?php p($entryKey)?>"><?php p($entry['text']) ?></label><br/>
				</p>
			<?php } elseif ($entry['type'] === 'line' && !isset($entry['global'])) { ?>
				<p>
					<input data-key="<?php p($entryKey)?>" name="<?php p($entryKey) ?>" value="<?php p($_['config']['general-' . $entryKey] ?? '') ?>" type="text" <?php if (isset($entry['required']) && $entry['required'] === true) { ?>class="required"<?php } ?> placeholder="<?php p($entry['text']) ?>"/>
				</p>
			<?php } ?>
		<?php } ?>
		<!-- FIXME: Add "Disable timeout from SAML" switch (checked by default) -->
	</div>

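<div id="user-saml-sp">
	<h3><?php p($l->t('Service Provider Data')) ?></h3>
	<p>
		<?php /* The sentence contains no markup, so it is printed escaped with p() like every other label here; a translated string is not authored in this file and should not reach the page as raw HTML. */ ?>
		<?php p($l->t('If your Service Provider should use certificates you can optionally specify them here.')) ?>
		<span class="toggle"><?php p($l->t('Show Service Provider settings…')) ?></span>
	</p>
	<div class="hidden">
		<label for="user-saml-nameidformat"><?php p($l->t('Name ID format')) ?></label><br/>
		<select id="user-saml-nameidformat"
				name="name-id-format">
			<?php /* One option per entry of $_['name-id-formats']; an entry with a truthy 'selected' gets the selected attribute. */ ?>
			<?php foreach ($_['name-id-formats'] as $key => $value) : ?>
			<option value="<?php p($key) ?>"
				<?php if ($value['selected'] ?? false) {
					p("selected");
				} ?> ><?php p($value['label']) ?></option>
			<?php endforeach; ?>
		</select>
		<?php /* One textarea per entry of $_['sp'], pre-filled from $_['config'] under the 'sp-' prefix. NOTE(review): presumably certificate/key material, going by the paragraph above; if a private key is among the entries, its stored value is echoed back into the page (confirm that is intended). */ ?>
		<?php foreach ($_['sp'] as $key => $text) : ?>
			<p>
				<textarea name="<?php p($key) ?>" placeholder="<?php p($text) ?>"><?php p($_['config']['sp-' . $key] ?? '') ?></textarea>
			</p>
		<?php endforeach; ?>
	</div>
</div>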
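<div id="user-saml-idp">
	<h3><?php p($l->t('Identity Provider Data')) ?></h3>
	<p>
		<?php /* Plain sentence without markup: printed escaped with p() so a translated string cannot reach the page as raw HTML. */ ?>
		<?php p($l->t('Configure your IdP settings here.')) ?>
	</p>
	<?php /* Required IdP fields; stored values come from $_['config'] under the 'idp-' prefix and are escaped by p(). */ ?>
	<p><input data-key="idp-entityId" name="entityId" value="<?php p($_['config']['idp-entityId'] ?? '') ?>" type="text" class="required" placeholder="<?php p($l->t('Identifier of the IdP entity (must be a URI)')) ?>"/></p>
	<p><input name="singleSignOnService.url" value="<?php p($_['config']['idp-singleSignOnService.url'] ?? '') ?>" type="text" class="required" placeholder="<?php p($l->t('URL Target of the IdP where the SP will send the Authentication Request Message')) ?>"/></p>
	<p><span class="toggle"><?php p($l->t('Show optional Identity Provider settings…')) ?></span></p>
	<?php /* Optional fields: single-logout endpoints and the IdP's public X.509 certificate. */ ?>
	<div class="hidden">
		<p><input name="singleLogoutService.url" value="<?php p($_['config']['idp-singleLogoutService.url'] ?? '') ?>" type="text" placeholder="<?php p($l->t('URL Location of the IdP where the SP will send the SLO Request')) ?>"/></p>
		<p><input name="singleLogoutService.responseUrl" value="<?php p($_['config']['idp-singleLogoutService.responseUrl'] ?? '') ?>" type="text" placeholder="<?php p($l->t('URL Location of the IDP\'s SLO Response')) ?>"/></p>
		<p><textarea name="x509cert" placeholder="<?php p($l->t('Public X.509 certificate of the IdP')) ?>"><?php p($_['config']['idp-x509cert'] ?? '') ?></textarea></p>
	</div>
</div>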
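<div id="user-saml-attribute-mapping" class="hidden">
	<h3><?php p($l->t('Attribute mapping')) ?></h3>
	<p>
		<?php /* Plain sentence without markup: printed escaped with p() so a translated string cannot reach the page as raw HTML. */ ?>
		<?php p($l->t('If you want to optionally map attributes to the user you can configure these here.')) ?>
		<span class="toggle"><?php p($l->t('Show attribute mapping settings…')) ?></span>
	</p>
	<div class="hidden">
		<?php /* Only 'line' entries of $_['attribute-mapping'] are rendered; stored values come from $_['config'] under the 'saml-attribute-mapping-' prefix. */ ?>
		<?php foreach ($_['attribute-mapping'] as $key => $attribute) : ?>
			<?php if ($attribute['type'] === 'line') : ?>
				<p>
					<input name="<?php p($key) ?>" value="<?php p($_['config']['saml-attribute-mapping-' . $key] ?? '') ?>" type="text" <?php if (isset($attribute['required']) && $attribute['required'] === true) : ?>class="required"<?php endif;?> placeholder="<?php p($attribute['text']) ?>"/>
				</p>
			<?php endif; ?>
		<?php endforeach; ?>
	</div>
</div>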
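<div id="user-saml-security">
	<h3><?php p($l->t('Security settings')) ?></h3>
	<p>
		<?php /* Plain sentence without markup: printed escaped with p() so a translated string cannot reach the page as raw HTML. */ ?>
		<?php p($l->t('For increased security we recommend enabling the following settings if supported by your environment.')) ?>
		<span class="toggle"><?php p($l->t('Show security settings…')) ?></span>
	</p>
	<div class="indent hidden">
		<?php /* The three groups below share the 'security-' prefix in $_['config']; a checkbox whose key is missing there is rendered with value "0". */ ?>
		<h4><?php p($l->t('Signatures and encryption offered')) ?></h4>
		<?php foreach ($_['security-offer'] as $key => $text) : ?>
			<p>
				<input type="checkbox" id="user-saml-<?php p($key)?>" name="<?php p($key)?>" value="<?php p($_['config']['security-' . $key] ?? '0') ?>" class="checkbox">
				<label for="user-saml-<?php p($key)?>"><?php p($text) ?></label><br/>
			</p>
		<?php endforeach; ?>
		<h4><?php p($l->t('Signatures and encryption required')) ?></h4>
		<?php foreach ($_['security-required'] as $key => $text) : ?>
			<p>
				<input type="checkbox" id="user-saml-<?php p($key)?>" name="<?php p($key)?>" value="<?php p($_['config']['security-' . $key] ?? '0') ?>" class="checkbox">
				<label for="user-saml-<?php p($key)?>"><?php p($text) ?></label>
			</p>
		<?php endforeach; ?>
		<h4><?php p($l->t('General')) ?></h4>
		<?php /* Entries of $_['security-general'] are either an array with type 'line' (text input with a fixed algorithm-URI placeholder) or anything else, which is treated as the label of a checkbox. */ ?>
		<?php foreach ($_['security-general'] as $key => $attribute) : ?>
			<?php if (is_array($attribute) && $attribute['type'] === 'line') { ?>
				<?php $text = $attribute['text'] ?>
				<p>
					<label><?php p($attribute['text']) ?></label><br />
					<input data-key="<?php p($key)?>" name="<?php p($key) ?>" value="<?php p($_['config']['security-' . $key] ?? '') ?>" type="text" <?php if (isset($attribute['required']) && $attribute['required'] === true) : ?>class="required"<?php endif;?> placeholder="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
				</p>
			<?php } else { ?>
				<?php $text = $attribute ?>
				<p>
					<input type="checkbox" id="user-saml-<?php p($key)?>" name="<?php p($key)?>" value="<?php p($_['config']['security-' . $key] ?? '0') ?>" class="checkbox">
					<label for="user-saml-<?php p($key)?>"><?php p($text) ?></label><br/>
				</p>
			<?php } ?>
		<?php endforeach; ?>
	</div>
</div>
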
<?php
// Metadata download link: data-base holds the route without a provider, href
// the route for the first configured provider.
// NOTE(review): $_['providers'][0]['id'] is read without a guard; presumably
// at least one provider always exists (confirm against the caller).
$urlGenerator = \OC::$server->getURLGenerator();
?>
<a id="get-metadata" data-base="<?php p($urlGenerator->linkToRoute('user_saml.SAML.getMetadata')); ?>"
   href="<?php p($urlGenerator->linkToRoute('user_saml.SAML.getMetadata', ['idp' => $_['providers'][0]['id']])) ?>" class="button">
	<?php p($l->t('Download metadata XML')) ?>
</a>

<button id="user-saml-reset-settings"><?php p($l->t('Reset settings')) ?></button>
<?php /* Both status labels start hidden. */ ?>
<span class="warning hidden" id="user-saml-settings-incomplete"><?php p($l->t('Metadata invalid')) ?></span>
<span class="success hidden" id="user-saml-settings-complete"><?php p($l->t('Metadata valid')) ?></span>

<?php /* Closes #user-saml-settings and the settings form. */ ?>
</div>
</form>