Optimized OIDC for Nextcloud

This commit is contained in:
Kevin Veen-Birkenbach 2025-02-25 19:59:58 +01:00
parent 72b787814e
commit 61eb9a3aed
4 changed files with 77 additions and 8 deletions


@ -252,7 +252,7 @@ defaults_applications:
# Available options: oidc_login, sociallogin
# @see https://apps.nextcloud.com/apps/oidc_login
# @see https://apps.nextcloud.com/apps/sociallogin
flavor: "sociallogin" # Keeping on sociallogin because the other option is not implemented yet
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
force_import: False # Forces the import of the LDIF files
database:
central_storage: True
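Review bot: The trailing comment on the new `flavor: "oidc_login"` line still reads "Keeping on sociallogin because the other option is not implemented yet", which now contradicts the value it annotates and will mislead the next person reading the defaults. Replace it with a comment that reflects the current choice, e.g. `flavor: "oidc_login"  # default; set to "sociallogin" to use the Social Login app instead`, and keep the "Available options" comment above as the authoritative list. The neighbouring `force_import: False` and `central_storage: True` are context lines, but `false`/`true` would be the canonical YAML spellings if this file is touched again. The `defaults_applications` mapping this hunk belongs to starts before the hunk.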


@ -1192,6 +1192,39 @@
}
]
},
{
"id": "15dd4961-5b4f-4635-a3f1-a21e1fa7bf3a",
"name": "nextcloud",
"description": "",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "true",
"gui.order": "",
"consent.screen.text": ""
},
"protocolMappers": [
{
"id": "62190b21-f649-4aa2-806a-2bf7ba103ce1",
"name": "nextcloudQuota",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"aggregate.attrs": "false",
"introspection.token.claim": "true",
"multivalued": "false",
"userinfo.token.claim": "true",
"user.attribute": "nextcloudQuota",
"id.token.claim": "true",
"lightweight.claim": "false",
"access.token.claim": "true",
"claim.name": "nextcloudQuota",
"jsonType.label": "int"
}
}
]
},
{
"id": "c07f07bc-c4f9-48c7-87e6-0a09fca6bfa0",
"name": "web-origins",
@ -1584,6 +1617,7 @@
"basic"
],
"defaultOptionalClientScopes": [
"nextcloud",
"offline_access",
"address",
"phone",
@ -1790,6 +1824,35 @@
]
}
},
{
"id": "12b99578-e0bf-4eeb-b0fb-8e400c0cd73e",
"name": "nextcloudQuota",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"nextcloudQuota"
],
"is.mandatory.in.ldap": [
"false"
],
"attribute.force.default": [
"false"
],
"is.binary.attribute": [
"false"
],
"always.read.value.from.ldap": [
"false"
],
"read.only": [
"false"
],
"user.model.attribute": [
"nextcloudQuota"
]
}
},
{
"id": "1ffab19c-4aeb-4038-a3e4-6444254fdd53",
"name": "modify date",
@ -1987,7 +2050,7 @@
"false"
],
"userObjectClasses": [
"person, inetOrgPerson"
"person, inetOrgPerson, nextcloudUser"
],
"rdnLDAPAttribute": [
"uid"
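Review bot: Adding `nextcloudUser` to `userObjectClasses` in the last hunk makes that auxiliary class a requirement for every user Keycloak searches for, because Keycloak builds its LDAP user filter from each listed class; existing `inetOrgPerson` entries that have not yet been given the auxiliary class would stop being found by Keycloak until a migration adds it. Either leave `userObjectClasses` at `"person, inetOrgPerson"` and let the `nextcloudQuota` mapper read the attribute where present (its `is.mandatory.in.ldap` is already `"false"`), or state the required LDAP migration in the commit description. Separately, the new `nextcloud` client scope is only listed under `defaultOptionalClientScopes`, so the Nextcloud client must explicitly request that scope or the `nextcloudQuota` claim will not be issued; that dependency deserves a note where the client is defined. The realm document these hunks belong to starts and ends outside the view.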


@ -3,11 +3,17 @@
dn: cn=nextcloud,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: nextcloud
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1 NAME 'nextcloudQuota'
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1
NAME 'nextcloudQuota'
DESC 'Quota for Nextcloud'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
olcObjectClasses: ( 1.3.6.1.4.1.99999.2 NAME 'nextcloudUser'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
olcObjectClasses: ( 1.3.6.1.4.1.99999.2
NAME 'nextcloudUser'
DESC 'Auxiliary class for Nextcloud attributes'
AUXILIARY
MAY ( nextcloudQuota ) )
MAY ( nextcloudQuota )
)
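Review bot: The attribute type changes syntax from DirectoryString (`1.3.6.1.4.1.1466.115.121.1.15{64}`) to Integer (`1.3.6.1.4.1.1466.115.121.1.27`) with integer matching rules, so any existing entry whose `nextcloudQuota` holds a non-numeric value would violate the schema once this is loaded, and replacing an `olcAttributeTypes` value on a live `cn=config` entry usually has to be applied as a delete of the old value plus an add of the new one rather than an in-place edit. The DESC should also say what the integer denotes, e.g. `DESC 'Quota for Nextcloud in bytes'` (or whatever unit the consumer expects), so the unit is not guessed at the Keycloak or Nextcloud side. The arc `1.3.6.1.4.1.99999` looks like a placeholder private-enterprise number rather than one registered for this project; if so, it should be moved under an arc the project actually owns before these definitions are shared with other directories.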


@ -9,7 +9,7 @@ services:
container_name: {{nextcloud_application_container_name}}
volumes:
- data:{{nextcloud_docker_path}}
{% if applications[application_id].oidc.flavor == "login" %}
{% if applications[application_id].oidc.flavor == "oidc_login" %}
- {{nextcloud_host_oidc_login_path}}:{{nextcloud_docker_oidc_login_config_path}}:ro
{% endif %}
healthcheck: