Jean-Baptiste
0828185832
Added copyright
...
Signed-off-by: Jean-Baptiste <jibet.pin@gmail.com>
2018-08-17 16:14:09 +02:00
Björn Schiessle
630765f9b4
make sure that we don't show the "select user back-end login screen if authentication over environment variables has been chosen
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-15 12:52:17 +02:00
Björn Schiessle
2ac9adaf79
add missing parameter to function call
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-13 17:06:54 +02:00
Björn Schiessle
b6b576852a
we only allow multiple user back ends in combination with SAML, not with environment variables
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-13 16:51:59 +02:00
Björn Schiessle
73ae008f6c
fix documentation
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 18:31:14 +02:00
Björn Schiessle
d055a0dafb
fix property name
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:20 +02:00
Björn Schiessle
2d62533eac
fix unit tests
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:20 +02:00
Julius Härtl
00711b8fbb
Fix attribute mapping config fetching
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:43:19 +02:00
Björn Schiessle
20757e9f0e
make sure to always use the right idp config
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Björn Schiessle
dafaf016a6
skip the 'type' if we build the settings page
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Julius Härtl
da69ddd5e3
Fix missing config values when switching idp
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:43:19 +02:00
Björn Schiessle
e378f22d10
always read the right idp config
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Björn Schiessle
39b3d52746
make sure to redirect to correct idp
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Björn Schiessle
afeee8beaa
show all configured IdP's on the login screen
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Julius Härtl
174234a14e
Fix issue when removing and adding the first idp
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:42:09 +02:00
Julius Härtl
1b4b4ee188
Add controller method to delete all idp config keys
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:42:08 +02:00
Julius Härtl
8c3a4b83e4
Add global settings that are valid for all identity providers
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:42:08 +02:00
Julius Härtl
ee5308382b
Allow to configure multiple SAML providers
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:42:06 +02:00
Roeland Jago Douma
b6531dbca7
Follow the redirect url on direct login
...
This makes sure the auth flow also works with the direct login.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-07-11 13:35:15 +02:00
FGIKCM
ce6e825b0f
Create skeleton and dispatch first login event
...
Code taken from 'regular' login method do create skeleton and dispatch event of the user creation.
A better idea would be to directly use the `prepareUserLogin()` method of `lib/private/User/Session.php`, but as it is private...
2018-06-18 16:21:28 +02:00
Sérgio Faria
423a76a843
Add and remove user groups with SAML
...
Based on PR #95 , however:
- Also removes groups based on the group attribute(s).
- Supports groups with spaces (which the previous PR didn't).
- Includes unit test
Signed-off-by: Sérgio Faria <sergio.faria@is4health.com>
2018-03-19 16:07:42 +00:00
bne86
18aa824206
first version for group-mapping. groups are added and user assigned to groups. until now no group removal
...
Signed-off-by: bne86 <b.von.st.vieth@fz-juelich.de>
2018-03-19 16:07:33 +00:00
bne86
ee38ad3a17
when attribute from saml_response is of type array, return all valies with space as separator
...
Signed-off-by: bne86 <b.von.st.vieth@fz-juelich.de>
2018-03-19 14:03:05 +00:00
Roeland Jago Douma
82102c6f18
Merge pull request #196 from nextcloud/multiple-user-back-ends
...
Multiple user back ends
2018-03-19 14:01:07 +01:00
Björn Schiessle
02cde8030b
fix function documentation
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-19 12:51:39 +01:00
Björn Schiessle
8bc343da6f
make display name of SSO identity provider configurable
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-19 12:51:38 +01:00
Björn Schiessle
7daab97ace
add landing page to chose between SSO and direct login
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-19 12:51:30 +01:00
blizzz
1df4ef8f2b
Merge pull request #192 from nextcloud/fix/162/search-uid-if-not-known
...
try to lookup a user if the uid does not resolve and autoprov is disabled
2018-03-19 12:20:05 +01:00
Björn Schiessle
cc361cc409
add setting to allow multiple user back-ends parallel to the saml back-end
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-16 14:56:29 +01:00
Björn Schiessle
742ae5e80d
set quota to 'default' if no quota parameter is given or quota was set to ''
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-15 16:19:24 +01:00
Roeland Jago Douma
9bf0d3eb3d
Add support for mapping the quota
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-14 21:15:04 +01:00
Arthur Schiwon
bed32b460f
try to lookup a user if the uid does not resolve and autoprov is disabled
...
it might well may be that the user exists but is not yet known to the
specific backend in Nextcloud and need to be mapped first.
This assumes that searching for the uid will actually find the user. This
is not necessarily given by the backend configuration.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-14 17:53:07 +01:00
Björn Schiessle
4b8558522b
detect disabled user and show a appropriated error message
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-13 19:06:41 +01:00
Björn Schiessle
b9d5f56d25
add a meaningful error message in case a empty uid is given
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-01-16 12:14:21 +01:00
Björn Schiessle
d34e216e9d
update the display name in accounts table
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-12-07 17:14:33 +01:00
Roeland Jago Douma
f05649f554
Use @NoSameSiteCookieRequired annotation
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-26 15:36:20 +02:00
Lukas Reschke
cbc0ecd918
Read appname out of variable
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-21 17:13:20 +02:00
Lukas Reschke
6a00897841
More logging for debugging
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-21 17:08:17 +02:00
Lukas Reschke
54804783c2
Add logout attribute for < 12.0.3
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-18 14:11:43 +02:00
Lukas Reschke
082ae7ffd7
Redirect to `/` if CSRF check does not pass
...
Some IDPs redirect to the SLS page after pressing the logout link. While this is a questionable behaviour it is unlikely we can change that, so let's work around this by forcing a proper redirect.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-30 17:02:11 +02:00
Lukas Reschke
45e52c97c3
Merge pull request #145 from nextcloud/new-slo-url
...
Implement new SLO URL API
2017-08-30 14:47:02 +02:00
Lukas Reschke
940bcd30a3
Redirect users to previous page
...
This change ensures that users will be sent to the previous page.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 13:58:03 +02:00
Lukas Reschke
2d4aad3487
Implement new SLO URL API
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 12:29:49 +02:00
Lukas Reschke
a1986b46b0
Also update timestamp for environment variable auth
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 18:19:34 +02:00
Lukas Reschke
bae5f79cbd
Use static variable for storing backends
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 18:16:54 +02:00
Lukas Reschke
3a3eb261aa
Fix order of session actions
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 17:24:01 +02:00
Lukas Reschke
5a4d327c0a
Perform logic in ACS
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 16:55:01 +02:00
Lukas Reschke
bc98b466bd
Set last login after successful login operation
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 12:54:59 +02:00
Lukas Reschke
69a6484257
baseurl is expected to be the host name and protocol without path
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 17:17:32 +02:00
Lukas Reschke
2a3e46dc2f
Proper casing of file
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 11:30:15 +02:00
Lukas Reschke
4691870887
Don't advertise ability to change display name
...
Otherwise users can change their display name and email address which is in a SAML scenario undesired.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-31 16:58:51 +02:00
Lukas Reschke
a5a406fb1f
Backend also supports setting a displayname
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-31 16:28:31 +02:00
Lukas Reschke
d9245ae533
Follow PSR file naming
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-31 16:28:31 +02:00
Lukas Reschke
034e2d7c8a
Claim to always support \OC\User\Backend::GET_DISPLAYNAME
...
`\OC_User::loginWithApache` sets the display name otherwise to the login name which is wrong.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-31 16:28:26 +02:00
Lukas Reschke
c55614dc3c
Add baseurl to SAML settings
...
In case the protected server is behind reverse proxies with a different protocol this is required.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-31 09:33:39 +02:00
Morris Jobke
7a1cd3c216
Use proper namespace for user backend class
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-27 16:05:02 +02:00
Allan Nordhøy
9cd8a36cf1
Fix spelling
...
XML, exists
admintest.php XML / exists
advanced_settings_example.php XML
removed "is" exists
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-18 19:42:35 +02:00
Lukas Reschke
1a1a11c8e9
Add support for mapping attributes
...
This adds support for mapping attributes for full name and email
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-02-16 15:23:46 +01:00
Lukas Reschke
c1ab62ddac
Log last error reason
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-02-14 16:24:17 +01:00
Lukas Reschke
29c60c3869
Add better error handling
...
1. Enable `debug` mode if debug mode is enabled in config.php
2. Log errors to the log file
Also I fixed the unit tests that broke with https://github.com/nextcloud/user_saml/pull/81
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-02-03 12:30:10 +01:00
Morris Jobke
722e94c0d0
Add icon to admin page sidebar
...
* follow up to nextcloud/server#3151
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-01-24 12:01:34 -06:00
Lukas Reschke
dd4ebe6e3d
Add integration test for Environment Variable
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-19 01:46:26 +01:00
Lukas Reschke
fb56b76710
Enable strict mode
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-12 22:10:57 +01:00
Joas Schilling
a0662caf61
Do not use deprecated class anymore
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-14 11:45:50 +01:00
Lukas Reschke
a616f1d238
No password confirmation for SAML
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-24 10:11:12 +01:00
Lukas Reschke
79462b37fd
Disable debug mode
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-14 14:13:33 +01:00
Lukas Reschke
59fc3d0fc9
ADFS lower-case support
2016-11-14 14:02:54 +01:00
Lukas Reschke
314ae475f6
Add support for environment variable login
2016-11-14 13:47:30 +01:00
Lukas Reschke
e8d38fbd39
Add tests for Application class
2016-09-30 14:38:57 +02:00
Lukas Reschke
da7afd3828
Add tests for "Admin"
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-30 14:19:12 +02:00
Lukas Reschke
5f6ab59075
Add test for OnlyLoggedInMiddleware
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-30 13:52:02 +02:00
Lukas Reschke
6cdc174fdd
Add switch to configure whether SAML auth is used for desktop clients
2016-09-26 22:06:17 +02:00
Lukas Reschke
f60698dc0f
Merge branch 'master' of https://github.com/nextcloud/user_saml
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-26 21:33:50 +02:00
Lukas Reschke
c27d002d10
Remove unrequired controllers
2016-09-26 21:33:19 +02:00
Lukas Reschke
9b97c7350b
Remove unused code
...
This is now also part of core
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-26 21:24:44 +02:00
Arthur Schiwon
f511e7e887
IAdmin is now ISettings
2016-08-11 14:48:45 +02:00
Lukas Reschke
85364aeb34
Use new admin page module
...
Makes this page a single page as implemented in https://github.com/nextcloud/server/pull/796
2016-08-10 16:27:21 +02:00
Lukas Reschke
a5a8b98512
It should be uid not token
...
That happens when testing locally with SQLite...
2016-07-06 15:11:54 +02:00
Lukas Reschke
53b182990c
Only allow access if user is not authed
...
Fixes https://github.com/nextcloud/user_saml/issues/15
2016-07-04 14:33:26 +02:00
Lukas Reschke
07a98d66f1
Add Shibboleth users to DB
...
So search etc. works fine
2016-07-04 11:34:20 +02:00
Lukas Reschke
b9a157e36d
Add wantsnameid
2016-06-29 21:50:09 +02:00
Lukas Reschke
f734958836
Add possibility to enforce local user account
...
Fixes https://github.com/nextcloud/user_saml/issues/12
Fixes https://github.com/nextcloud/user_saml/issues/5
2016-06-29 20:34:10 +02:00
Lukas Reschke
84c1547c85
Add application specific passwords
...
Fixes https://github.com/nextcloud/user_saml/issues/1
2016-06-29 18:50:02 +02:00
Lukas Reschke
03646e6159
Make compatible with desktop clients
...
The cookie "_SHIBSESSION_" is expected.
Fixes https://github.com/nextcloud/user_saml/issues/9
2016-06-29 12:06:50 +02:00
Lukas Reschke
77499230a2
Only show logout if SLO is set
...
Fixes https://github.com/nextcloud/user_saml/issues/10
2016-06-29 11:10:59 +02:00
Lukas Reschke
906a1aba34
Require CSRF token
2016-06-29 10:58:05 +02:00
Lukas Reschke
46bab66c28
Proper session keys
2016-06-29 10:56:27 +02:00
Lukas Reschke
75d0e0d124
Reuse variable
2016-06-29 10:52:23 +02:00
Lukas Reschke
0e66028025
Add CSRF token and track AuthnRequestID
...
Fixes https://github.com/nextcloud/user_saml/issues/11
2016-06-29 10:51:07 +02:00
Lukas Reschke
99bbde20dc
Add mapping editor
...
Fixes https://github.com/nextcloud/user_saml/issues/4
2016-06-29 10:25:09 +02:00
Lukas Reschke
ada6b6ebc8
Initial import
2016-06-29 00:04:23 +02:00