Unable to map multiple groups to a user.

Open pyhrr0 opened this issue 7 years ago • 2 comments

Steps to reproduce

  1. Set up Nextcloud 15.
  2. Install/Enable the "SSO & SAML authentication" app.
  3. Configure the app to use the following environment variables: REMOTE_USER, REMOTE_USER_GROUPS.
  4. Configure your webserver to set the variables listed above.
    (e.g. REMOTE_USER=foo and REMOTE_USER_GROUPS=bar,baz)

Expected behaviour

Since the placeholder of user_saml's group-mapping option contains the following: Attribute to map the users groups to, I'd expect multiple groups to be supported.

Actual behaviour

Unfortunately the value inside of REMOTE_USER_GROUPS is treated as a literal string, and thus it's only possible to map a single group to a user.

Server configuration

Operating system: Debian 9.6

Web server: Nginx 1.10.3

Database: SQLite 2.8.17

PHP version: PHP 7.0

Nextcloud version: (see Nextcloud admin page) 15.0.0

Where did you install Nextcloud from: A tarball.

List of activated apps:

  • accessibility: 1.1.0
  • activity: 2.8.2
  • cloud_federation_api: 0.1.0
  • comments: 1.5.0
  • dav: 1.8.0
  • federatedfilesharing: 1.5.0
  • federation: 1.5.0
  • files: 1.10.0
  • files_pdfviewer: 1.4.0
  • files_sharing: 1.7.0
  • files_texteditor: 2.7.0
  • files_trashbin: 1.5.0
  • files_versions: 1.8.0
  • files_videoplayer: 1.4.0
  • firstrunwizard: 2.4.0
  • gallery: 18.2.0
  • logreader: 2.0.0
  • lookup_server_connector: 1.3.0
  • nextcloud_announcements: 1.4.0
  • notifications: 2.3.0
  • oauth2: 1.3.0
  • password_policy: 1.5.0
  • provisioning_api: 1.5.0
  • serverinfo: 1.5.0
  • sharebymail: 1.5.0
  • support: 1.0.0
  • survey_client: 1.3.0
  • systemtags: 1.5.0
  • theming: 1.6.0
  • twofactor_backupcodes: 1.4.1
  • updatenotification: 1.5.0
  • user_saml: 2.1.0
  • workflowengine: 1.5.0

Nextcloud configuration:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": ["***REMOVED SENSITIVE VALUE***"],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "sqlite3",
        "version": "15.0.0.10",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "installed": true
    }
}

Client configuration

N.A.

Nextcloud log (data/owncloud.log)

N.A.

Browser log

N.A.

pyhrr0 avatar Jan 08 '19 15:01 pyhrr0

Any updates from this? I'm trying with Keycloak as SSO provider

joaopalma5 avatar Apr 15 '19 15:04 joaopalma5

I have the same issue - I can only use one group / role, no matter if I'm using one combined attribute or multiple group claims. Any idea how to fix this?

waza-ari avatar Nov 09 '20 13:11 waza-ari
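
The behaviour reported in this issue, and the combined-attribute case from the last comment, shown as an added example: this is not user_saml code and does not come from any participant in the thread. The helper name `normalizeGroupAttribute()`, the comma delimiter and the sample values are assumptions based on the reproduction steps (`REMOTE_USER_GROUPS=bar,baz`).

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper, not part of user_saml: turn a group attribute into a
 * list of group names. $raw is either an array (multi-valued attribute) or a
 * single string such as "bar,baz" (one environment variable).
 */
function normalizeGroupAttribute($raw, string $delimiter = ','): array
{
    if ($delimiter === '') {
        throw new InvalidArgumentException('delimiter must not be empty');
    }
    if ($raw === null) {
        return [];
    }
    $values = is_array($raw) ? $raw : [$raw];

    $groups = [];
    foreach ($values as $value) {
        if (!is_string($value)) {
            continue; // skip non-string values instead of casting them
        }
        foreach (explode($delimiter, $value) as $name) {
            $name = trim($name);
            // Drop empty entries and names containing control characters.
            if ($name === '' || preg_match('/[\x00-\x1F\x7F]/', $name) === 1) {
                continue;
            }
            if (!in_array($name, $groups, true)) {
                $groups[] = $name; // keep first occurrence, preserve order
            }
        }
    }
    return $groups;
}

// Constructed sample inputs based on the reproduction steps above.
$samples = [
    'single env var'      => 'bar,baz',
    'multi-valued claims' => ['bar', 'baz'],
    'messy input'         => ' bar, ,baz,bar ',
    'unset variable'      => null,
];
foreach ($samples as $label => $raw) {
    echo $label, ': ', json_encode(normalizeGroupAttribute($raw)), PHP_EOL;
}
```

Because group membership usually drives authorization, the delimiter has to be a character the identity provider never uses inside a group name; otherwise one group is split into several unintended ones.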