[Owncloud] SSO solution and sync clients authentication (OC 5.0.7, user_saml)

alen vodopijevec alen at irb.hr
Wed Jun 26 10:16:05 UTC 2013


Dear OwnCloud-ers,

We have a test implementation of an Owncloud instance at our institution 
(since ver. 4.5.0). So far a dozen of our users happily share their 
files and collaborate. "user_saml" is working fine with OC 5.0.7.

Current system specification:
--
1. Owncloud ver. 5.0.7 on Debian GNU Linux system (simplesaml SP)
2. A few standard plugins
3. user_saml plugin (with a couple of adjustments regarding user 
filtering) for authentication through our national authentication and 
authorization system AAI at EduHr (http://www.aaiedu.hr)
--

I'm experimenting with the sync client (1.3.0) but there is a catch. When a 
user authenticates (user_saml) for the first time he/she gets a new record in 
the "oc_users" table with a random password -> OK. simplesamlphp manages user 
login, so the system password is not used for web logins.


PROBLEM:
Users cannot use sync clients because they don't know their random 
system password and they cannot even change it because of the same 
issue. An admin user can change other users' passwords (after applying patch 
https://github.com/owncloud/core/commit/563f343291fb5d0292c66cb761a053557bfdae47). 
That's OK but it's not the real solution.


SIMILAR PROBLEM SOLVED:
So, our academic community is using a similar system (SRCE GSS 
http://gss.srce.hr): Pithos (https://okeanos.grnet.gr/services/pithos/), 
and there is a solution for generating a random password/token (it is shown 
to the user) which is valid for 30 days for authentication through the 
WebDAV service. Ordinary web authentication still goes through 
simplesamlphp.


I'm interested in your opinions about adding the option of generating 
a random user password and showing it to him/her so they can configure 
their sync clients.

Also, what is the future of the user_saml plugin? I think that we could 
contribute, but I will probably need some assistance. How many of you are 
using it?


Thanks in advance!

Cheers!
alen
--
Rudjer Boskovic Institute Library
http://lib.irb.hr/web/en.html
http://www.irb.hr/eng
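
The 30-day WebDAV token scheme described in the message above, sketched as an added example (not code from the post, ownCloud, user_saml or Pithos). The class name, method names and the in-memory dict are hypothetical; a real deployment would keep the digest and expiry in the database and issue the token only inside a SAML-authenticated web session.

```python
import hashlib
import hmac
import secrets
from datetime import timedelta

TOKEN_LIFETIME = timedelta(days=30)  # validity period mentioned in the post


class SyncTokenStore:
    """Hypothetical store: uid -> (SHA-256 of token, expiry time)."""

    def __init__(self):
        self._tokens = {}

    @staticmethod
    def _digest(token):
        # The token is 256 bits of CSPRNG output, so a plain SHA-256 suffices;
        # a human-chosen password would need a slow password hash instead.
        return hashlib.sha256(token.encode("ascii")).digest()

    def issue(self, uid, now):
        """Create a token, replacing any older one; return it for one-time display."""
        token = secrets.token_urlsafe(32)
        # Only the digest is stored, so a database leak does not expose tokens.
        self._tokens[uid] = (self._digest(token), now + TOKEN_LIFETIME)
        return token

    def verify(self, uid, token, now):
        """Check the HTTP Basic password a sync client presents for uid."""
        record = self._tokens.get(uid)
        if record is None:
            return False
        digest, expires = record
        try:
            candidate = self._digest(token)
        except UnicodeEncodeError:
            return False  # tokens are ASCII; anything else cannot match
        matches = hmac.compare_digest(digest, candidate)  # constant-time compare
        if now >= expires:
            self._tokens.pop(uid, None)  # purge expired entries on sight
            return False
        return matches

    def revoke(self, uid):
        """Invalidate the token, e.g. when a laptop running the client is lost."""
        self._tokens.pop(uid, None)
```

Because the token is independent of the SAML credentials, it can be revoked or left to expire without touching the user's identity-provider account.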