Roeland Jago Douma
1365bf820d
Load a timezone file if no timezone is set
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-05-27 08:39:22 +02:00
Björn Schiessle
577f612267
Merge pull request #286 from nextcloud/fix-268
...
always create user in the SAML back-end and update the attributes
2019-01-24 14:58:11 +01:00
Arthur Schiwon
ec593bce13
user might be already known, but was not mapped yet. init on first login.
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-01-22 13:38:56 +01:00
rakekniven
4e82b97055
Fixed typo.
...
Reported at Transifex.
Signed-off-by: Mark Ziegler <mark.ziegler@rakekniven.de>
2019-01-19 22:30:10 +01:00
Björn Schiessle
0b0bfe94a2
create user in the SAML back-end and update the attributes when
...
the user was found on another back-end during login
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-12-18 16:54:27 +01:00
Daniel Klaffenbach
624d1a23b9
Implement mapping of user's home directory
...
Signed-off-by: Daniel Klaffenbach <daniel.klaffenbach@hrz.tu-chemnitz.de>
2018-11-22 09:45:08 +01:00
Björn Schiessle
0aeaa0401a
Merge pull request #271 from nextcloud/better-error-messages
...
improve error messages in case SAML is not configured properly
2018-11-21 17:11:56 +01:00
Björn Schiessle
9790fbcb56
improve error messages in case SAML is not configured properly
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-11-20 17:34:46 +01:00
Björn Schiessle
087efb7359
content doesn't have to be a array, e.g. for category=type, content is 'saml'
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-11-19 12:25:12 +01:00
Björn Schiessle
e38a46eb64
first check if it is an array and that the key exists, to avoid error messages in the log file
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-11-19 12:17:35 +01:00
Björn Schiessle
69c0c5f479
log IDP parameters in debug mode
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-11-16 16:46:31 +01:00
Robin Appelman
f20252a5f4
log provisioning errors during sso environment login
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-11-14 15:05:44 +01:00
Björn Schiessle
fadb3a1e4a
add a combobox instead of buttons to select the login method if more then 4 different IDPs are configured
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-11-09 14:46:38 +01:00
Björn Schiessle
860ffb24ad
make global scale setup more robust
...
If this server acts as a global scale master and the user is not
a local admin of the server we just create the user and continue
no need to update additional attributes.
But for local users, e.g. the admins of the global scale master
we should complete the user setup with all attributes
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-24 14:06:27 +02:00
Roeland Jago Douma
140100b23e
Actually add error page
...
* The base route now has a function as well so it is not just some empty
route
* We now actually have an error page
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 11:56:55 +02:00
Björn Schiessle
425173365e
adjust Nextcloud app to php-saml 3.0
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-09 22:08:33 +02:00
Björn Schiessle
b80b94e408
we need to store some basic user information, even in the global scale scenario
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-09 16:57:03 +02:00
Björn Schiessle
53fe18a99f
allow redirect to the logout if it comes from the same server
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-09-25 15:56:36 +02:00
Björn Schiessle
4f852af4ce
don't auto provision the user on a global scale setup
...
with global scale the authentication happens on the master node
and then the user is forward to the node they are located.
Therefore no user should be created on the master node after the
authentication at the idp was successful
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-09-25 15:51:22 +02:00
Jean-Baptiste PIN
3f3cd68ef4
added redirection to originalUrl when using SSO
...
Signed-off-by: Jean-Baptiste PIN <jeanbaptiste@idruide.com>
2018-08-17 16:14:19 +02:00
Jean-Baptiste
0828185832
Added copyright
...
Signed-off-by: Jean-Baptiste <jibet.pin@gmail.com>
2018-08-17 16:14:09 +02:00
Björn Schiessle
2ac9adaf79
add missing parameter to function call
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-13 17:06:54 +02:00
Björn Schiessle
73ae008f6c
fix documentation
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 18:31:14 +02:00
Björn Schiessle
d055a0dafb
fix property name
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:20 +02:00
Björn Schiessle
2d62533eac
fix unit tests
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:20 +02:00
Julius Härtl
00711b8fbb
Fix attribute mapping config fetching
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:43:19 +02:00
Björn Schiessle
20757e9f0e
make sure to always use the right idp config
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Björn Schiessle
dafaf016a6
skip the 'type' if we build the settings page
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Julius Härtl
da69ddd5e3
Fix missing config values when switching idp
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:43:19 +02:00
Björn Schiessle
e378f22d10
always read the right idp config
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Björn Schiessle
39b3d52746
make sure to redirect to correct idp
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Björn Schiessle
afeee8beaa
show all configured IdP's on the login screen
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-03 12:43:19 +02:00
Julius Härtl
174234a14e
Fix issue when removing and adding the first idp
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:42:09 +02:00
Julius Härtl
1b4b4ee188
Add controller method to delete all idp config keys
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:42:08 +02:00
Julius Härtl
ee5308382b
Allow to configure multiple SAML providers
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-08-03 12:42:06 +02:00
Roeland Jago Douma
b6531dbca7
Follow the redirect url on direct login
...
This makes sure the auth flow also works with the direct login.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-07-11 13:35:15 +02:00
Roeland Jago Douma
82102c6f18
Merge pull request #196 from nextcloud/multiple-user-back-ends
...
Multiple user back ends
2018-03-19 14:01:07 +01:00
Björn Schiessle
02cde8030b
fix function documentation
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-19 12:51:39 +01:00
Björn Schiessle
8bc343da6f
make display name of SSO identity provider configurable
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-19 12:51:38 +01:00
Björn Schiessle
7daab97ace
add landing page to chose between SSO and direct login
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-19 12:51:30 +01:00
Arthur Schiwon
bed32b460f
try to lookup a user if the uid does not resolve and autoprov is disabled
...
it might well may be that the user exists but is not yet known to the
specific backend in Nextcloud and need to be mapped first.
This assumes that searching for the uid will actually find the user. This
is not necessarily given by the backend configuration.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-14 17:53:07 +01:00
Björn Schiessle
4b8558522b
detect disabled user and show a appropriated error message
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-13 19:06:41 +01:00
Björn Schiessle
b9d5f56d25
add a meaningful error message in case a empty uid is given
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-01-16 12:14:21 +01:00
Roeland Jago Douma
f05649f554
Use @NoSameSiteCookieRequired annotation
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-26 15:36:20 +02:00
Lukas Reschke
cbc0ecd918
Read appname out of variable
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-21 17:13:20 +02:00
Lukas Reschke
6a00897841
More logging for debugging
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-21 17:08:17 +02:00
Lukas Reschke
082ae7ffd7
Redirect to /
if CSRF check does not pass
...
Some IDPs redirect to the SLS page after pressing the logout link. While this is a questionable behaviour it is unlikely we can change that, so let's work around this by forcing a proper redirect.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-30 17:02:11 +02:00
Lukas Reschke
940bcd30a3
Redirect users to previous page
...
This change ensures that users will be sent to the previous page.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 13:58:03 +02:00
Lukas Reschke
a1986b46b0
Also update timestamp for environment variable auth
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 18:19:34 +02:00
Lukas Reschke
3a3eb261aa
Fix order of session actions
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-04 17:24:01 +02:00