From ae1d7c785fed6c914710ac943ba0555c824d0111 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Wed, 26 Feb 2025 09:49:32 +0100
Subject: [PATCH] Solved OIDC sociallogin bug

---
 group_vars/all/07_applications.yml | 2 +-
 roles/docker-nextcloud/README.md | 5 +++++
 roles/docker-nextcloud/tasks/sociallogin.yml | 5 +++--
 roles/docker-nextcloud/templates/oidc.config.php.j2 | 6 +++---
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index 6456626c..4a256363 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -252,7 +252,7 @@ defaults_applications:
 # Available options: oidc_login, sociallogin
 # @see https://apps.nextcloud.com/apps/oidc_login
 # @see https://apps.nextcloud.com/apps/sociallogin
- flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
+ flavor: "sociallogin" # Keeping on sociallogin because the other option is not implemented yet
 force_import: False # Forces the import of the LDIF files
 database:
 central_storage: True
diff --git a/roles/docker-nextcloud/README.md b/roles/docker-nextcloud/README.md
index e30005ad..44df2977 100644
--- a/roles/docker-nextcloud/README.md
+++ b/roles/docker-nextcloud/README.md
@@ -94,6 +94,11 @@ docker-compose exec -it -u www-data application /var/www/html/occ
 ```
 ### User Administration
+#### Create user via CLI
+```bash
+docker compose exec -it -u www-data application php occ user:add {{username}}
+```
+
 #### Make user admin via cli
 ```bash
 docker compose exec -it -u www-data application php occ group:adduser admin {{username}}
diff --git a/roles/docker-nextcloud/tasks/sociallogin.yml b/roles/docker-nextcloud/tasks/sociallogin.yml
index 9e6776d3..7f20b5ab 100644
--- a/roles/docker-nextcloud/tasks/sociallogin.yml
+++ b/roles/docker-nextcloud/tasks/sociallogin.yml
@@ -3,7 +3,7 @@
 - name: Flush all handlers immediately so that occ can be used
 meta: flush_handlers
-- name: enable oidc_login plugin
+- name: disable oidc_login plugin
 command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:disable oidc_login"
 ignore_errors: true
 when:
@@ -22,6 +22,7 @@
 - name: Configure Sociallogin
 loop: "{{ nextcloud_sociallogin_configuration}}"
+ # The | to_json function is necessary to escape custom_providers correct.
 command: >
 docker exec -u www-data {{ nextcloud_application_container_name }}
- php occ config:app:set {{ item.appid }} {{ item.configkey }} --value "{{ item.configvalue }}"
\ No newline at end of file
+ php occ config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'
\ No newline at end of file
diff --git a/roles/docker-nextcloud/templates/oidc.config.php.j2 b/roles/docker-nextcloud/templates/oidc.config.php.j2
index aed085b1..3cd94fe0 100644
--- a/roles/docker-nextcloud/templates/oidc.config.php.j2
+++ b/roles/docker-nextcloud/templates/oidc.config.php.j2
@@ -14,7 +14,7 @@ return array (
 'oidc_login_client_secret' => '{{oidc.client.secret}}',
 // Automatically redirect the login page to the provider
- 'oidc_login_auto_redirect' => false,
+ 'oidc_login_auto_redirect' => true,
 // Redirect to this page after logging out the user
 'oidc_login_logout_url' => 'https://{{domains[application_id]}}',
@@ -23,7 +23,7 @@ return array (
 // logout endpoint of the OIDC provider after logout
 // in Nextcloud. After successfull logout the OIDC
 // provider will redirect back to 'oidc_login_logout_url' (MUST be set).
- 'oidc_login_end_session_redirect' => false,
+ 'oidc_login_end_session_redirect' => true,
 // Quota to assign if no quota is specified in the OIDC response (bytes)
 //
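Review bot: The renamed task on the `-`/`+` lines still runs `app:disable oidc_login` under `ignore_errors: true`, so a genuine failure to disable the second login provider is accepted silently while the rest of the play goes on to configure sociallogin; the task's `when:` list continues outside the hunk. Prefer `register: oidc_login_disable` together with a `failed_when` that accepts only the "app not installed / not enabled" outcome and fails on anything else, so an instance cannot end up with both authentication apps active without anyone noticing. As a point of style, this task invokes `{{nextcloud_docker_path}}occ` while the Configure Sociallogin task in the @@ -22 hunk uses `php occ`; aligning the two makes the role easier to audit.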
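Review bot: The `+` command line wraps the rendered value in single quotes, but the `command` module tokenises its string with shlex rather than a shell, so any `'` inside the JSON produced by `to_json` (or inside a plain configvalue) terminates the argument and occ receives a truncated or mis-split `--value`; the removed line had the same weakness with double quotes. Let the filter chain do the escaping instead: `--value {{ (item.configvalue | to_json if item.configvalue is mapping else item.configvalue) | quote }}`. The values written here plausibly include provider client secrets under `custom_providers`, and `command` echoes its full argument string into the play output and any collected logs, so the task should also carry `no_log: true`. Note that the `is mapping` test leaves list-valued entries unencoded (they would render as a Python list literal rather than JSON); if any loop item carries a list, extend the test with `item.configvalue is sequence and item.configvalue is not string`.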
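Review bot: With `oidc_login_auto_redirect` flipped to true on the `+` line, and `oidc_login_hide_password_form` already true in the @@ -38 hunk's context, the local login form is no longer reached through the normal flow, so an outage or misconfiguration of the provider locks every account out, including the admin who would repair it, and the template records nothing about this. The oidc_login app keeps the password form reachable through a `noredir=1` query parameter on the login URL; document that next to the key, e.g. `// Local form stays reachable at /login?noredir=1 — break-glass path while the provider is unavailable`, and keep at least one local admin account for that path. The `return array (` literal this key belongs to starts and ends outside the hunk.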
@@ -38,7 +38,7 @@ return array (
 'oidc_login_hide_password_form' => true,
 // Use ID Token instead of UserInfo
- 'oidc_login_use_id_token' => false,
+ 'oidc_login_use_id_token' => true,
 // Attribute map for OIDC response. Available keys are:
 // * id: Unique identifier for username
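Review bot: Switching `oidc_login_use_id_token` to true on the `+` line makes the app resolve the attribute map that follows against the ID token's claims instead of the UserInfo response, and many providers put only a minimal claim set in the ID token unless explicitly configured, so mapped entries (quota, and whatever else the map declared outside the hunk covers) may silently resolve to empty values. Nothing in the template records which claims the provider has been configured to emit in the ID token. Suggest a comment above the key, e.g. `// NOTE: with this true every key of the attribute map below must arrive as an ID token claim — verify the provider emits them`. The enclosing `return array (` literal continues outside the hunk.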