pitbulk / apps Goto Github PK

I have tryed to autenticate owncloud 5 with CAS, the autentication with phpCAS works fine but the user is not autenticated on owncloud...

Owncloud LOG:

{"app":"cas","message":"Not found attribute used to get the username ("uid") at the requested cas xml response","level":0,"time":1363815537}
{"app":"cas","message":"Error trying to authenticate the user","level":0,"time":1363815537}

If you configure user_saml to force SAML authentication, every request will get redirected to the SAML IdP/WAYF. This causes every desktop/mobile client to break, because they get unexpected 302 responses.

I have applied a dirty fix that detects known client User-Agents and doesn't force the SAML login for them, but I'm pretty sure there has to be a cleaner way to do that.

Hi there

I have SSP installed as an SP and have successfully used the "test authentication sources" tab to confirm it is talking to our SSP IdP correctly - so I think the SSP framework is in place for user_saml to use correctly

However, when I enabled it, there were problems

1. saml_ssp_path in settings.php never worked. I had to hard-wire it into auth.php and user_saml.php to get past this problem.
2. after configuring it within owncloud successfully (enabled, checks mappings, etc), bringing up a fresh browser didn't show the SAML login form. I discovered that if I deliberately failed a login, then the new login form with SAML showed up!
3. after attempting to login via SAML, I get redirected to the IdP. I login, get redirected back to the owncloud SP and then the following error occurs

SimpleSAML_Error_NoState: NOSTATE
Backtrace:
2 /simplesamlphp-1.10.0/lib/SimpleSAML/Auth/State.php:232 (SimpleSAML_Auth_State::loadState)
1 /simplesamlphp-1.10.0/modules/saml/www/sp/saml2-acs.php:54 (require)
0 /simplesamlphp-1.10.0/www/module.php:135 (N/A)

I'm just using php sessions, and their contents show SSP data, so I think the cookies are OK...

Any ideas? This is CentOS-6 running php-5.3.18 and simplesamlphp-1.10.0 with owncloud-4.5.2

Thanks!

Jason

The application go into rediect loop after requireAuth function

The installation step are;

1. install simplesaml with sp and idp (two different installation)
2. configure the sp to point to the idp
3. Install ownCloud 6 with user_saml application
4. configure the service provider and owncloud to use the same cookie name

Reproduction step are:

1. Login on own cloud using the simple saml
2. Insert user ad password
3. The idp/sp redirect to owncloud application and come on loop

The installation it's was also tested on onwcloud 5 and work correctly.

i see this message when i try to enable the app, in the log there are this message:

"App can't be installed because the version in info.xml/version is not the same as the version reported from the app store"

its a problem with version 5?

I´ve tried several times to activate/deactivate the "force_saml_login" option but with no success. This parameter is always enabled after I activated it for the first time.
I had to update the value via SQL to fix this.
My OC versión is 5.0.13

Thanks for yout good work.
Regards.

Hi there

I just went to give it at go with owncloud-7.0.0beta1 and it doesn't work. I have successfully tested the local simplesamlphp is working by using the authentication tab: ie I successfully logged into the following using SAML

/simplesaml/module.php/core/authenticate.php?as=owncloud

...but I cannot get user_saml to work, it generates the following error when I click on the "SAML" login icon on the owncloud login page

SimpleSAML_Error_NoState: NOSTATE
Backtrace:
2 /var/www/simplesamlphp-1.11.0/lib/SimpleSAML/Auth/State.php:232 (SimpleSAML_Auth_State::loadState)
1 /var/www/simplesamlphp-1.11.0/modules/saml/www/sp/saml2-acs.php:54 (require)
0 /var/www/simplesamlphp-1.11.0/www/module.php:135 (N/A)

The ssp logfile contains

Jul 03 23:04:06 simplesamlphp DEBUG [f4a391ed9b] Saved state: '_03e0a99918462db5e084df01b09ffbf5bc65cfea31'
Jul 03 23:04:07 simplesamlphp DEBUG [06fa91c968] Loading state: '_03e0a99918462db5e084df01b09ffbf5bc65cfea31'

which does imply it saved state and loaded it - so I suppose there's been some code change in owncloud-7 that user_saml doesn't handle?

Thanks

Hi there

I have downloaded and unpacked user-saml into apps, but as admin I cannot enable it. I have tried under Firefox and Chrome and neither can enable the app (shows as version 0.2).

I can enable/disable other apps - it's just this one that doesn't work. Dumping the SQL database shows only one line referring to user-saml - but it doesn't say "0.2" like it should..

INSERT INTO "oc_appconfig" VALUES('user_saml','installed_version','');

If I edit that and put '0.2' in, then I get an actual error page ("error while enabling app") when I try to enable it.

This is on a CentOS-6 server

Jason

How do I configure the AssertionConsumerService redirection from IdP to owncloud installation?

Hi there

Now that I have SAML working, I now realise it "only" works from web browsers - not the Windows/Mac/phone apps. There are two ways that could be solved, one is to update all the client software to be able to support SAML, and the other is to "forge" SAML by doing it from the server. ie you send your SAML creds in the standard login form, and new code does a "SAML login" into the IdP, records (statefully) how long the returned token is valid for, and then that username/password pair (via a hash of course) is compared against the cache for the lifetime of the token. I know that 100% violates SAML design - but if you are running owncloud for your own IdP organization, it really isn't increasing risk(?)

Just a thought :-)

Jason

When a user connects to ownCloud via his CAS account,
a user is correctly created and a password is generated.

But the user cannot know that password because it's encrypted,
nor change it, because he just don't know his password.

So I propose to create a file during user creation with CAS in ownCloud database
that contains the user password uncrypted, so the CAS user can connect with ownCloud
desktop or mobile client