Extends provisioning of users #502
This looks like everything I want from this plugin. Especially the ability to pass groups and have them updated later is high on my wishlist. Is there anything I can do to help this along?
Looks good to me, I like especially the group-updating.
Wow this is awesome.
A few remarks though.
I'll try this in a real setup soon.
Oh and could you rebase on master?
@MarvinOehlerkingCap Thanks for the changes. Missing things:
We're getting there. Apart from the inline comment, it looks good to me.
Could you rebase on master?
You will have to adjust to the @nextcloud/vue bump with the new component names.
I can do the rebase if you prefer.
Side note: I got some 500 responses from Keycloak when setting user attributes of type JSON that don't have the object keys between parentheses. Not our problem but it might be tricky to debug for admins.
4d92ac3
to
7e258e2
Compare
- groupProvisioning (This will create and update the user's groups depending on the groups claim in the id token.)
- mappingGroups (Claim in the idToken which will be used for provisioning of groups.)
- providerBasedId (Use provider identifier as prefix for ids.)
- bearerProvisioning (This automatically provisions the user, when sending API and WebDav Requests with a Bearer token. Auto provisioning and Bearer token check have to be activated for this to work.)

Some code improvements:
- Moved provisioning code from Controller to a separate service

Signed-off-by: Marvin Öhlerking <marvin.oehlerking@capgemini.com>
48501aa
to
88cd62a
Compare
Thanks for the rebase and adjustments.
One more small change 😁.
Also, @juliushaertl, could you make a quick additional review?
Signed-off-by: Marvin Öhlerking <marvin.oehlerking@capgemini.com>
@julien-nc any update on this?
Yet another user excited by this PR.
Hey, when will this be merged? I need that grouping asap 😄
Where would the integration docs be located? I managed to integrate our software with Nextcloud using this plugin and would like to add my notes there. Basically: you need to pass the data for the provisioned user as part of the
I used the current main branch and merged this PR. I was able to build a new version with Now I have a hosted nextcloud in which I cannot easily install custom apps. I may get shell-access or some help with that, but I would prefer having a released version with this PR merged. I also want the other fixes that went into the main branch. Is it possible to do a merge and a release of this? How can I help to see this done?
pinging @juliushaertl for approve/merge
Tested and works. Thanks a lot for this awesome contribution.
Thank you for the merge, this means a lot to me, @juliushaertl. I saw that the actions on main all passed successfully. 🎉
I'll check this with @julien-nc on if there are any other pending topics, but then I'd see no blocker for a release :)
Hello everyone, thank you very much for this feature. I implemented it on my side but I get the following error in the logs:
For anyone else having this problem, check that you have the correct OIDC scopes requested. In my case it solved the problem.
Hello, I install
I cannot find, neither in the doc, neither in Could you help @juliushaertl?
@yscialom You definitely can set it via nextcloud config like this, maybe also via occ. Did you try it? "user_oidc": {
@arnegns
I find it regrettable though to have to "guess" or "find" what my newly created provider name (here
Hi, could anybody help me to map an existing group in NC to a group in IdP? For example if I have a group in my IdP called Administrator, and I want this group to be mapped to the default group admin in NC. Is it somehow possible? Or at least be able to automatically give my group Administrator admin permissions? I am already receiving the groups in the token and I see them provisioned to the user, but I am not sure about mapping admin to Administrator (for example). Is it only doable using a custom mapper in IdP, or can it be solved in a simpler way?
AFAIK real mapping to existing (eg admin) nextcloud groups is not possible for now. I have this problem, too, that I need an extra admin account to manage my nextcloud, which is not provided via keycloak.
Thank you for your reply, @chamabreu. I guess if we write a simple custom protocol mapper, which converts Administrator group to admin in the groups claim, we can achieve what we want. Doesn't it?
The other option is simply implementing a field called admin IdP group(s), which is used to tell which group of IdP can be handled as admin.
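Added example, not part of the thread and not user_oidc code: one way to reason about the group mapping discussed in the comments above, where an IdP group such as Administrator should grant the local admin group. The function names, the mapping table, the set of privileged groups and the sample claims are all assumptions made for illustration; the privileged local group is only granted through an explicit mapping entry, never because a claim value happens to equal its name.

```python
# Added illustration; not user_oidc code. All names here are hypothetical.
PRIVILEGED_LOCAL_GROUPS = {"admin"}


def groups_from_claim(claims, claim_name="groups"):
    """Normalise the groups claim: accept a list or a single string."""
    raw = claims.get(claim_name)
    if isinstance(raw, str):
        raw = [raw]
    if not isinstance(raw, list):
        return set()  # missing or malformed claim yields no groups
    return {g.strip() for g in raw if isinstance(g, str) and g.strip()}


def plan_group_sync(claims, idp_managed, explicit_map):
    """Return (to_add, to_remove) for one login.

    idp_managed: local groups an earlier login provisioned for this user.
    explicit_map: admin-configured {IdP group: local group} overrides.
    """
    wanted = set()
    for idp_group in groups_from_claim(claims):
        local = explicit_map.get(idp_group, idp_group)
        # A claim value that merely equals a privileged local name is
        # ignored; only an explicit mapping entry may grant that group.
        if local in PRIVILEGED_LOCAL_GROUPS and idp_group not in explicit_map:
            continue
        wanted.add(local)
    # Only groups that came from the IdP earlier are removed, so memberships
    # assigned locally by an administrator are left alone.
    return wanted - idp_managed, idp_managed - wanted


# Constructed sample data, not taken from the thread.
SAMPLE_CLAIMS = {"sub": "alice", "groups": ["Administrator", "staff"]}
SAMPLE_MAP = {"Administrator": "admin"}

if __name__ == "__main__":
    print(plan_group_sync(SAMPLE_CLAIMS, {"staff", "interns"}, SAMPLE_MAP))
```
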
This PR adds functionality for auto provision user when accessing API and WebDav with Bearer token.
New settings for provider:
Some code improvements: