@sniegel-mind4bytes
Contributor

Right now the service provider entityId is always generated based on the Nextcloud instance URL. At least Keycloak relies on that entityId to resolve the corresponding SAML2 client. This PR introduces a new optional config option to allow the admin to set a different service provider entityId manually. If no manual configuration is done, the current behavior remains as the default.

@blizzz
Member

blizzz commented Feb 10, 2025

@sniegel-mind4bytes hey and thanks for your contribution!

Could you elaborate where the current mechanism does not meet your needs?

@sniegel-mind4bytes
Contributor Author

> @sniegel-mind4bytes hey and thanks for your contribution!
>
> Could you elaborate where the current mechanism does not meet your needs?

For me to have the SAML authentication work with Keycloak I have to use https://example.com/apps/user_saml/saml/metadata as the clientId for the SAML client on Keycloak. Instead of using the URL as clientId I would like to use something like "nextcloud". The issue extends a bit further as I have to use a single Keycloak for multiple staging environments. Hence the clientId should be something like "test-nextcloud" or "prod-nextcloud". Indeed that would work with the current implementation of user_saml as the URLs differ for each stage. The thing is, Nextcloud is the only SAML client requiring the URL as clientId. All the others give me the flexibility to use whatever clientId I like. Therefore I thought it would be great to give admins the same flexibility with user_saml as well. For those with no need, everything stays the same, as there is no requirement to set this config option, making this change completely backward compatible.

@sniegel-mind4bytes
Contributor Author

@blizzz: Hi, any update? Let me know in case I can do something to push this PR further.

@blizzz
Member

blizzz commented Feb 26, 2025

Hey @sniegel-mind4bytes, thanks for your patience (been off before and had a lot going on then) and for your explanation. Makes sense, I concur!

@blizzz
Member

blizzz commented Feb 26, 2025

@sniegel-mind4bytes when I set the entityid it works, but when I unset it again, I run into an internal server error with Invalid array settings: sp_entityId_not_found. I suppose because the key is still present, alas empty. Could you double check that?

@sniegel-mind4bytes
Contributor Author

> @sniegel-mind4bytes when I set the entityid it works, but when I unset it again, I run into an internal server error with Invalid array settings: sp_entityId_not_found. I suppose because the key is still present, alas empty. Could you double check that?

Hi @blizzz, yes indeed the key is still present, but empty. I just figured out that the ?? checks only for null and not falsy. I added a check that the array key exists, as well as that it is not null/empty (including whitespaces). Otherwise the default logic will be applied.
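
The `??` pitfall discussed in the two comments above, as an added example that is not part of the thread or the merged code. The option key `sp-entityId` and all function names are hypothetical; only the default metadata path is taken from this page.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the URL-derived default described in the PR.
function defaultEntityId(string $instanceUrl): string {
    return rtrim($instanceUrl, '/') . '/apps/user_saml/saml/metadata';
}

// Pitfall: ?? falls back only when the key is missing or null.
// An option that was set and later cleared is '' and is passed through,
// so the SAML settings end up with an empty SP entityId.
function resolveWithNullCoalescing(array $config, string $instanceUrl): string {
    return $config['sp-entityId'] ?? defaultEntityId($instanceUrl);
}

// Checked variant: the key must exist, hold a string, and be non-empty
// after trimming; anything else uses the default. Returning the trimmed
// value is a choice made in this example.
function resolveEntityId(array $config, string $instanceUrl): string {
    $value = $config['sp-entityId'] ?? null;
    if (is_string($value) && trim($value) !== '') {
        return trim($value);
    }
    return defaultEntityId($instanceUrl);
}

// Constructed sample configurations covering the states an admin can reach.
$cases = [
    'unset'      => [],
    'null'       => ['sp-entityId' => null],
    'cleared'    => ['sp-entityId' => ''],
    'whitespace' => ['sp-entityId' => '   '],
    'custom'     => ['sp-entityId' => 'prod-nextcloud'],
];

foreach ($cases as $label => $config) {
    printf(
        "%-10s ??: %-52s checked: %s\n",
        $label,
        var_export(resolveWithNullCoalescing($config, 'https://example.com'), true),
        resolveEntityId($config, 'https://example.com')
    );
}
```

The `cleared` and `whitespace` rows are the ones where the two functions differ: the first returns the empty or blank string, the second returns the default metadata URL.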

@sniegel-mind4bytes
Contributor Author

sniegel-mind4bytes commented Mar 24, 2025

Hi @blizzz, any update on this PR? Please let me know when I have any pending work item. Thx!

@blizzz blizzz merged commit 5c52b8c into nextcloud:master Apr 28, 2025
58 checks passed
@blizzz
Member

blizzz commented Apr 28, 2025

@sniegel-mind4bytes Again apologies for the delay, and thank you for your contribution!
