Commit Graph

191 Commits

Author SHA1 Message Date
Jean-Baptiste 0828185832
Added copyright
Signed-off-by: Jean-Baptiste <jibet.pin@gmail.com>
2018-08-17 16:14:09 +02:00
Björn Schiessle 630765f9b4
make sure that we don't show the "select user back-end" login screen if authentication over environment variables has been chosen
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-15 12:52:17 +02:00
Björn Schiessle 2ac9adaf79
add missing parameter to function call
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-13 17:06:54 +02:00
Björn Schiessle b6b576852a
we only allow multiple user back ends in combination with SAML, not with environment variables
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-13 16:51:59 +02:00
Björn Schiessle 73ae008f6c
fix documentation
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 18:31:14 +02:00
Björn Schiessle d055a0dafb
fix property name
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:20 +02:00
Björn Schiessle 2d62533eac
fix unit tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:20 +02:00
Julius Härtl 00711b8fbb
Fix attribute mapping config fetching
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:43:19 +02:00
Björn Schiessle 20757e9f0e
make sure to always use the right idp config
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Björn Schiessle dafaf016a6
skip the 'type' if we build the settings page
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Julius Härtl da69ddd5e3
Fix missing config values when switching idp
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:43:19 +02:00
Björn Schiessle e378f22d10
always read the right idp config
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Björn Schiessle 39b3d52746
make sure to redirect to correct idp
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Björn Schiessle afeee8beaa
show all configured IdP's on the login screen
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Julius Härtl 174234a14e
Fix issue when removing and adding the first idp
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:42:09 +02:00
Julius Härtl 1b4b4ee188
Add controller method to delete all idp config keys
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:42:08 +02:00
Julius Härtl 8c3a4b83e4
Add global settings that are valid for all identity providers
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:42:08 +02:00
Julius Härtl ee5308382b
Allow to configure multiple SAML providers
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:42:06 +02:00
Roeland Jago Douma b6531dbca7
Follow the redirect url on direct login
This makes sure the auth flow also works with the direct login.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-07-11 13:35:15 +02:00
FGIKCM ce6e825b0f
Create skeleton and dispatch first login event
Code taken from 'regular' login method to create skeleton and dispatch event of the user creation.
A better idea would be to directly use the `prepareUserLogin()` method of `lib/private/User/Session.php`, but as it is private...
2018-06-18 16:21:28 +02:00
Sérgio Faria 423a76a843
Add and remove user groups with SAML
Based on PR #95, however:
- Also removes groups based on the group attribute(s).
- Supports groups with spaces (which the previous PR didn't).
- Includes unit test

Signed-off-by: Sérgio Faria <sergio.faria@is4health.com>
2018-03-19 16:07:42 +00:00
bne86 18aa824206
first version for group-mapping. groups are added and user assigned to groups. until now no group removal
Signed-off-by: bne86 <b.von.st.vieth@fz-juelich.de>
2018-03-19 16:07:33 +00:00
bne86 ee38ad3a17
when attribute from saml_response is of type array, return all values with space as separator
Signed-off-by: bne86 <b.von.st.vieth@fz-juelich.de>
2018-03-19 14:03:05 +00:00
Roeland Jago Douma 82102c6f18
Merge pull request #196 from nextcloud/multiple-user-back-ends
Multiple user back ends
2018-03-19 14:01:07 +01:00
Björn Schiessle 02cde8030b
fix function documentation
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-19 12:51:39 +01:00
Björn Schiessle 8bc343da6f
make display name of SSO identity provider configurable
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-19 12:51:38 +01:00
Björn Schiessle 7daab97ace
add landing page to choose between SSO and direct login
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-19 12:51:30 +01:00
blizzz 1df4ef8f2b
Merge pull request #192 from nextcloud/fix/162/search-uid-if-not-known
try to lookup a user if the uid does not resolve and autoprov is disabled
2018-03-19 12:20:05 +01:00
Björn Schiessle cc361cc409
add setting to allow multiple user back-ends parallel to the saml back-end
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-16 14:56:29 +01:00
Björn Schiessle 742ae5e80d
set quota to 'default' if no quota parameter is given or quota was set to ''
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-15 16:19:24 +01:00
Roeland Jago Douma 9bf0d3eb3d
Add support for mapping the quota
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-14 21:15:04 +01:00
Arthur Schiwon bed32b460f
try to lookup a user if the uid does not resolve and autoprov is disabled
it might well be that the user exists but is not yet known to the
specific backend in Nextcloud and needs to be mapped first.

This assumes that searching for the uid will actually find the user. This
is not necessarily given by the backend configuration.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-14 17:53:07 +01:00
Björn Schiessle 4b8558522b
detect disabled user and show an appropriate error message
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-13 19:06:41 +01:00
Björn Schiessle b9d5f56d25
add a meaningful error message in case an empty uid is given
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-01-16 12:14:21 +01:00
Björn Schiessle d34e216e9d
update the display name in accounts table
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-12-07 17:14:33 +01:00
Roeland Jago Douma f05649f554
Use @NoSameSiteCookieRequired annotation
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-26 15:36:20 +02:00
Lukas Reschke cbc0ecd918
Read appname out of variable
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-21 17:13:20 +02:00
Lukas Reschke 6a00897841
More logging for debugging
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-21 17:08:17 +02:00
Lukas Reschke 54804783c2
Add logout attribute for < 12.0.3
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-18 14:11:43 +02:00
Lukas Reschke 082ae7ffd7
Redirect to `/` if CSRF check does not pass
Some IDPs redirect to the SLS page after pressing the logout link. While this is a questionable behaviour it is unlikely we can change that, so let's work around this by forcing a proper redirect.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-30 17:02:11 +02:00
Lukas Reschke 45e52c97c3
Merge pull request #145 from nextcloud/new-slo-url
Implement new SLO URL API
2017-08-30 14:47:02 +02:00
Lukas Reschke 940bcd30a3
Redirect users to previous page
This change ensures that users will be sent to the previous page.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 13:58:03 +02:00
Lukas Reschke 2d4aad3487
Implement new SLO URL API
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 12:29:49 +02:00
Lukas Reschke a1986b46b0
Also update timestamp for environment variable auth
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 18:19:34 +02:00
Lukas Reschke bae5f79cbd
Use static variable for storing backends
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 18:16:54 +02:00
Lukas Reschke 3a3eb261aa
Fix order of session actions
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 17:24:01 +02:00
Lukas Reschke 5a4d327c0a
Perform logic in ACS
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 16:55:01 +02:00
Lukas Reschke bc98b466bd
Set last login after successful login operation
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 12:54:59 +02:00
Lukas Reschke 69a6484257
baseurl is expected to be the host name and protocol without path
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 17:17:32 +02:00
Lukas Reschke 2a3e46dc2f
Proper casing of file
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 11:30:15 +02:00
Lukas Reschke 4691870887
Don't advertise ability to change display name
Otherwise users can change their display name and email address which is in a SAML scenario undesired.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-31 16:58:51 +02:00
Lukas Reschke a5a406fb1f
Backend also supports setting a displayname
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-31 16:28:31 +02:00
Lukas Reschke d9245ae533
Follow PSR file naming
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-31 16:28:31 +02:00
Lukas Reschke 034e2d7c8a
Claim to always support \OC\User\Backend::GET_DISPLAYNAME
`\OC_User::loginWithApache` sets the display name otherwise to the login name which is wrong.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-31 16:28:26 +02:00
Lukas Reschke c55614dc3c
Add baseurl to SAML settings
In case the protected server is behind reverse proxies with a different protocol this is required.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-31 09:33:39 +02:00
Morris Jobke 7a1cd3c216
Use proper namespace for user backend class
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-27 16:05:02 +02:00
Allan Nordhøy 9cd8a36cf1
Fix spelling
XML, exists
admintest.php XML / exists
advanced_settings_example.php XML
removed "is" exists

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-18 19:42:35 +02:00
Lukas Reschke 1a1a11c8e9
Add support for mapping attributes
This adds support for mapping attributes for full name and email

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-02-16 15:23:46 +01:00
Lukas Reschke c1ab62ddac
Log last error reason
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-02-14 16:24:17 +01:00
Lukas Reschke 29c60c3869
Add better error handling
1. Enable `debug` mode if debug mode is enabled in config.php
2. Log errors to the log file

Also I fixed the unit tests that broke with https://github.com/nextcloud/user_saml/pull/81

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-02-03 12:30:10 +01:00
Morris Jobke 722e94c0d0
Add icon to admin page sidebar
* follow up to nextcloud/server#3151

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-01-24 12:01:34 -06:00
Lukas Reschke dd4ebe6e3d
Add integration test for Environment Variable
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-19 01:46:26 +01:00
Lukas Reschke fb56b76710
Enable strict mode
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-12 22:10:57 +01:00
Joas Schilling a0662caf61
Do not use deprecated class anymore
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-14 11:45:50 +01:00
Lukas Reschke a616f1d238
No password confirmation for SAML
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-24 10:11:12 +01:00
Lukas Reschke 79462b37fd
Disable debug mode
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-14 14:13:33 +01:00
Lukas Reschke 59fc3d0fc9
ADFS lower-case support
2016-11-14 14:02:54 +01:00
Lukas Reschke 314ae475f6
Add support for environment variable login
2016-11-14 13:47:30 +01:00
Lukas Reschke e8d38fbd39
Add tests for Application class
2016-09-30 14:38:57 +02:00
Lukas Reschke da7afd3828
Add tests for "Admin"
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-30 14:19:12 +02:00
Lukas Reschke 5f6ab59075
Add test for OnlyLoggedInMiddleware
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-30 13:52:02 +02:00
Lukas Reschke 6cdc174fdd
Add switch to configure whether SAML auth is used for desktop clients
2016-09-26 22:06:17 +02:00
Lukas Reschke f60698dc0f
Merge branch 'master' of https://github.com/nextcloud/user_saml
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-26 21:33:50 +02:00
Lukas Reschke c27d002d10
Remove unrequired controllers
2016-09-26 21:33:19 +02:00
Lukas Reschke 9b97c7350b
Remove unused code
This is now also part of core

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-26 21:24:44 +02:00
Arthur Schiwon f511e7e887
IAdmin is now ISettings
2016-08-11 14:48:45 +02:00
Lukas Reschke 85364aeb34
Use new admin page module
Makes this page a single page as implemented in https://github.com/nextcloud/server/pull/796
2016-08-10 16:27:21 +02:00
Lukas Reschke a5a8b98512
It should be uid not token
That happens when testing locally with SQLite...
2016-07-06 15:11:54 +02:00
Lukas Reschke 53b182990c
Only allow access if user is not authed
Fixes https://github.com/nextcloud/user_saml/issues/15
2016-07-04 14:33:26 +02:00
Lukas Reschke 07a98d66f1
Add Shibboleth users to DB
So search etc. works fine
2016-07-04 11:34:20 +02:00
Lukas Reschke b9a157e36d
Add wantsnameid
2016-06-29 21:50:09 +02:00
Lukas Reschke f734958836
Add possibility to enforce local user account
Fixes https://github.com/nextcloud/user_saml/issues/12
Fixes https://github.com/nextcloud/user_saml/issues/5
2016-06-29 20:34:10 +02:00
Lukas Reschke 84c1547c85
Add application specific passwords
Fixes https://github.com/nextcloud/user_saml/issues/1
2016-06-29 18:50:02 +02:00
Lukas Reschke 03646e6159
Make compatible with desktop clients
The cookie "_SHIBSESSION_" is expected.

Fixes https://github.com/nextcloud/user_saml/issues/9
2016-06-29 12:06:50 +02:00
Lukas Reschke 77499230a2
Only show logout if SLO is set
Fixes https://github.com/nextcloud/user_saml/issues/10
2016-06-29 11:10:59 +02:00
Lukas Reschke 906a1aba34
Require CSRF token
2016-06-29 10:58:05 +02:00
Lukas Reschke 46bab66c28
Proper session keys
2016-06-29 10:56:27 +02:00
Lukas Reschke 75d0e0d124
Reuse variable
2016-06-29 10:52:23 +02:00
Lukas Reschke 0e66028025
Add CSRF token and track AuthnRequestID
Fixes https://github.com/nextcloud/user_saml/issues/11
2016-06-29 10:51:07 +02:00
Lukas Reschke 99bbde20dc
Add mapping editor
Fixes https://github.com/nextcloud/user_saml/issues/4
2016-06-29 10:25:09 +02:00
Lukas Reschke ada6b6ebc8
Initial import
2016-06-29 00:04:23 +02:00