Arthur Schiwon
9672ed6ca5
make testEncodedObjectGUID more robust against false positives
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-01-20 17:05:17 +01:00
Roeland Jago Douma
58f717f91d
Bump doctrine types for 21 support
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-01-12 20:41:40 +01:00
Roeland Jago Douma
7f7def4b7f
Allow customer directlogin text
...
Some people seem to want to have a custom direct login text. This allows
them to set it. For now only via occ. But maybe some day we also add a
GUI component to it.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-01-12 14:44:05 +01:00
Roeland Jago Douma
1c2be57e20
Merge pull request #468 from orandev/patch-1
...
Fix incorrect key name in "Login flow fix"
2020-11-24 15:25:44 +01:00
Arthur Schiwon
9f53230eb6
fixes provisioning of userids from encoded (objectguid) values
...
- is more tolerant when decoding, uuid structure is still tested later
- ensures the uid is resolved on getCurrentId()
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-11-24 00:08:16 +01:00
Arthur Schiwon
9bf08a698d
fix missing user_saml.Idp session value which SAMLSettings rely on
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-11-05 22:27:31 +01:00
Arthur Schiwon
31bc57a4e9
redirects to homepage instead of showing error on blank page
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-11-02 17:05:18 +01:00
blizzz
e34e6d2f9f
Merge pull request #466 from nextcloud/bugfix/log-invalid-user-id
...
Add checked user id to InvalidArgumentException
2020-10-13 19:33:01 +02:00
blizzz
a1cb44131c
Merge pull request #432 from nextcloud/enh/noid/saml-response-url
...
optional possibility to provide a URL for SLO Response
2020-10-12 10:34:35 +02:00
orandev
c318b9421f
Fix incorrect key name in "Login flow fix"
...
'name' key was put in flowData table, but 'token' key was retrieved from this table, thus triggering the following error:
Undefined index: token at /nextcloud/apps/user_saml/lib/Controller/SAMLController.php#306
Signed-off-by: orandev <63342732+orandev@users.noreply.github.com>
2020-10-09 12:20:10 +02:00
Julius Härtl
4184aa9fa8
Add checked user id to InvalidArgumentException
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-10-09 08:39:37 +02:00
Roeland Jago Douma
5c87778134
Fix login flow with SAML
...
Because of the strict samesite cookies SAML fails with the login flow.
Because the post that comes back is not transferring the proper cookies
to use the same session. Hence the token in use gets lost etc.
Now we store this all (encrypted) in a cookie. So that when we come back
we can restore the proper session.
FAQ:
* Is it elegant?
Nope!
* Does it work?
Yes!
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-10-05 15:16:38 +02:00
Roeland Jago Douma
160ad27474
Handle failing SLO
...
If the SLO throws an error we should catch it. This is so that we do not
show an error page. We should also still log out the current session.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-09-25 09:26:37 +02:00
Arthur Schiwon
2a614e0337
optional possibility to provide a URL for SLO Response
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-09-10 10:14:53 +02:00
Arthur Schiwon
238b578cf1
acs endpoint to always return a RedirectResponse
...
* the void statements end up in a useless blank page
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-09-08 17:01:15 +02:00
Georg Ehrke
b4d497bbec
Sabre/DAV 4.0: beforeMethod is now beforeMethod:*
...
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2020-09-07 16:15:28 +02:00
Maxime Besson
8c4f9da56d
Add occ command to dump metadata for a given provider
...
Signed-off-by: Maxime Besson <maxime.besson@worteks.com>
2020-08-18 18:41:54 +02:00
Roeland Jago Douma
f5304f6757
Make work with posts and cookies again
...
Requires https://github.com/nextcloud/server/pull/21479 to fully work.
Basically don't save this info in the session (which is lax by default
starting with NC19 but also soon with new chromes and firefox). We now
save it in a cookie that is set to None. This is the best we can do I
think.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-10 10:01:16 +02:00
Joas Schilling
5f49b6c004
Move to migrations
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-30 21:36:14 +02:00
Clément OUDOT
8d6eb60128
Merge remote-tracking branch 'upstream/master' into fix-saml-single-logout
2020-03-05 19:39:12 +01:00
Julius Härtl
e75809a5f7
Add setting to specify a different signature algorithm
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-02-13 16:01:03 +01:00
Frank Tröger
ee459c687c
fixed login with chrome browser
...
- fix 'environment-variable' login problem with chrome browser
- problem: using nextcloud behind apache2 mod_auth_mellon, chrome browser gets too many redirects
- description: nc_sameSiteCookiestrict is not sent by chrome, because of the origin POST request by idp and the 3xx redirects on nextcloud side
2020-01-28 20:01:47 +01:00
Soisik Froger
2313df0e00
use NameId format, name qualifier and name SP qualifier in SAML logout request (fixed SP qualifier typo)
...
Signed-off-by: Clément OUDOT <clement.oudot@worteks.com>
2019-12-16 16:59:48 +01:00
Clément OUDOT
04fcb5387b
use NameId format, name qualifier and name SP qualifier in SAML logout request
...
Signed-off-by: Clément OUDOT <clement.oudot@worteks.com>
2019-12-16 16:59:48 +01:00
Roeland Jago Douma
8888d5a9ad
Add counting to the user backend
...
This will allow reporting to also list the number of SAML users on the
instance.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-28 15:20:03 +01:00
Arthur Schiwon
f81d18c816
don't expose method for no reason
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-09-23 12:43:14 +02:00
Arthur Schiwon
c839dc1e73
decode objectGUID to their ASCII representation if
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-09-19 14:07:06 +02:00
Arthur Schiwon
3737d92d4b
prevent confirmation dialogs for passwordless users
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-28 18:29:36 +02:00
Frieder Schrempf
413c7a9239
Handle SLO logout requests from IdP via POST
...
Some IdPs send their SLO logout requests via POST. To handle
them we need to add an entry in the routing table.
Further, we need to hack around the issue that php-saml only
handles GET by copying the request from $_POST to $_GET.
This solves #82.
Signed-off-by: Frieder Schrempf <frieder.schrempf@online.de>
2019-06-17 18:56:55 +02:00
Dylann Cordel
f780006005
fix IDP-initiated Logout #334
...
Signed-off-by: Dylann Cordel <d.cordel@webu.coop>
2019-06-07 21:28:04 +02:00
Roeland Jago Douma
1c8b32c841
Use a prefix to obtain the nameid format
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-05-29 09:53:52 +02:00
Roeland Jago Douma
4e8ee3ae0a
Make NameIDFormat configurable
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-05-28 23:00:34 +02:00
Roeland Jago Douma
1365bf820d
Load a timezone file if no timezone is set
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-05-27 08:39:22 +02:00
blizzz
8b5733828e
Merge pull request #319 from nextcloud/fix/noid/user-search-parity
...
user search parity as with local users
2019-05-06 11:42:15 +02:00
Björn Schiessle
eb9f3ffb02
add additional debug output when reading attributes from the IDP
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2019-04-25 13:36:46 +02:00
Arthur Schiwon
12e8767baa
user search parity as with local users
...
* also take displayname and email into account
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-04-12 17:07:23 +02:00
Björn Schiessle
577f612267
Merge pull request #286 from nextcloud/fix-268
...
always create user in the SAML back-end and update the attributes
2019-01-24 14:58:11 +01:00
Arthur Schiwon
ec593bce13
user might be already known, but was not mapped yet. init on first login.
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-01-22 13:38:56 +01:00
rakekniven
4e82b97055
Fixed typo.
...
Reported at Transifex.
Signed-off-by: Mark Ziegler <mark.ziegler@rakekniven.de>
2019-01-19 22:30:10 +01:00
Björn Schiessle
0b0bfe94a2
create user in the SAML back-end and update the attributes when
...
the user was found on another back-end during login
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-12-18 16:54:27 +01:00
Björn Schiessle
e9f58dae96
sort idps alphabetically
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-12-12 20:22:03 +01:00
Björn Schiessle
d1d43d68f4
Merge pull request #279 from klada/userhome_sanity_check
...
Add sanity checks for user home directory
2018-11-27 17:32:58 +01:00
Björn Schiessle
6734601db8
Merge pull request #188 from nextcloud/dav_saml
...
Add sabredav plugin to register environment auth for dav requests
2018-11-27 11:55:28 +01:00
Daniel Klaffenbach
3b930d8628
Add sanity checks for user home directory
...
When the mapped user home is not a fully qualified path name we'll fall
back to setting the mapped home below the server's datadirectory. This
provides consistent behavior with the "user_ldap" app which uses the same
fallback/safety mechanism.
Signed-off-by: Daniel Klaffenbach <daniel.klaffenbach@hrz.tu-chemnitz.de>
2018-11-26 09:39:21 +01:00
Daniel Klaffenbach
624d1a23b9
Implement mapping of user's home directory
...
Signed-off-by: Daniel Klaffenbach <daniel.klaffenbach@hrz.tu-chemnitz.de>
2018-11-22 09:45:08 +01:00
Björn Schiessle
0aeaa0401a
Merge pull request #271 from nextcloud/better-error-messages
...
improve error messages in case SAML is not configured properly
2018-11-21 17:11:56 +01:00
Björn Schiessle
9790fbcb56
improve error messages in case SAML is not configured properly
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-11-20 17:34:46 +01:00
Robin Appelman
b7cab9d740
remove anonymous option handling
...
this was moved to core
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-11-20 15:12:51 +01:00
Robin Appelman
e123a8b984
set saml user as dav authenticated
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-11-20 15:12:51 +01:00
Robin Appelman
57c0a4d474
allow anonymous options request
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-11-20 15:12:51 +01:00