[Owncloud] SSO solution and sync clients authentication (OC 5.0.7, user_saml)
Tornóci László
tornoci.laszlo at med.semmelweis-univ.hu
Wed Jun 26 10:46:37 UTC 2013
On 06/26/2013 12:16 PM, alen vodopijevec wrote:
> Dear OwnCloud-ers,
>
> we have a test implementation of an Owncloud instance at our institution
> (since ver. 4.5.0). So far a dozen of our users happily share their
> files and collaborate. "user_saml" is working fine with OC 5.0.7.
>
> Current system specification:
> --
> 1. Owncloud ver. 5.0.7 on Debian GNU Linux system (simplesaml SP)
> 2. A few standard plugins
> 3. user_saml plugin (with a couple of adjustments regarding user
> filtering) for authentication through our national authentication and
> authorization system AAI at EduHr (http://www.aaiedu.hr)
> --
>
> I'm experimenting with the sync client (1.3.0) but there is a catch. When a
> user authenticates (user_saml) for the first time he/she gets a new record in
> the "oc_users" table with a random password -> OK.. simplesamlphp manages user
> login, so the system password is not used for web logins.
>
>
> PROBLEM:
> Users cannot use sync clients because they don't know their random
> system password and they cannot even change it because of the same
> issue.. An admin user can change other users' passwords (after applying patch
> https://github.com/owncloud/core/commit/563f343291fb5d0292c66cb761a053557bfdae47)
> .. that's OK but it's not the real solution.

I think there is a simple solution, if you have access to the LDAP that
is the backend to the identity provider service. Simply untick the
"Autocreate user after SAML login" and set up LDAP auth too. The first
prevents the creation of a record in oc_users. The second provides you
auth for webdav services. This setup works for me quite well.

Yours: Laszlo