While I was trying to set up OpenCloud with OIDC, I noticed the doc at https://docs.opencloud.eu/docs/admin/configuration/authentication-and-user-management/external-idp/ is outdated/incomplete/wrong.
I found the following issues:
- `IDP_DOMAIN` and `IDP_ISSUER_URL` have to be set. It is probably a good idea to add an example for `IDP_DOMAIN`, to avoid the user (like me) adding an `https://` before the domain. Otherwise login fails due to CSP.
- Client ID and scopes have to be set, even if the doc claims they are not changeable (`WEBFINGER_WEB_OIDC_CLIENT_ID`, `WEBFINGER_WEB_OIDC_CLIENT_SCOPES`, `WEBFINGER_IOS_OIDC_CLIENT_ID`, `WEBFINGER_IOS_OIDC_CLIENT_SCOPES`, `WEBFINGER_ANDROID_OIDC_CLIENT_ID`, `WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES`, `WEBFINGER_DESKTOP_OIDC_CLIENT_ID`, `WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES`). In the Matrix chat it was also mentioned that the desktop client does not support it yet, but the variables already exist.
- If using Docker, `idm/external-idp.yml` has to be added to `COMPOSE_FILE` in the `.env`.
- If using Docker, `OC_EXCLUDE_RUN_SERVICES` and all the OIDC-related variables mentioned here are not used in the docker-compose file, so the user has to edit the docker-compose file and not only the `.env` file.
- The doc should mention that the OIDC server should have the token set to JWT. See also #1578.
However, I still was not able to get it working, since I am now hitting issues with roles, even if I set `PROXY_ROLE_ASSIGNMENT_DRIVER` to `default`.
Overall I would say that setting up OIDC is pretty complicated (probably mainly due to the outdated doc).
See also https://matrix.to/#/!MXIMfhTMMRFPuXSKJZ:matrix.org/$T2CuvD4fcwsSErjyJuxafezBaNAskx9kIL5KgPj8D5Q?via=chat.opencloud.eu&via=matrix.org&via=tchncs.de
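A small pre-flight check for the `.env` pitfalls listed in this report (scheme in `IDP_DOMAIN`, missing `IDP_ISSUER_URL`, `idm/external-idp.yml` absent from `COMPOSE_FILE`), added here as an example; it is not part of the original issue or of the OpenCloud project, and the sample `.env` values are constructed.

```shell
#!/bin/sh
# Added example, not OpenCloud project code. Checks an OpenCloud docker-compose
# .env for the OIDC mistakes described in the report above:
#  - IDP_DOMAIN must be a bare host name (no scheme) or the login fails on CSP
#  - IDP_ISSUER_URL must be set
#  - COMPOSE_FILE must include idm/external-idp.yml
# Usage: check_oidc_env path/to/.env   (returns 0 if clean, 1 otherwise)

# Print the last value assigned to KEY in an env file, stripping double quotes.
env_get() {
    # $1 = env file, $2 = key
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

check_oidc_env() {
    file="$1"; rc=0
    domain=$(env_get "$file" IDP_DOMAIN)
    issuer=$(env_get "$file" IDP_ISSUER_URL)
    compose=$(env_get "$file" COMPOSE_FILE)

    if [ -z "$domain" ]; then
        echo "IDP_DOMAIN is not set"; rc=1
    elif printf '%s' "$domain" | grep -q '://'; then
        # The report's own mistake: a scheme in front of the domain.
        echo "IDP_DOMAIN '$domain' must not contain a scheme; use '${domain#*://}'"; rc=1
    fi
    if [ -z "$issuer" ]; then
        echo "IDP_ISSUER_URL is not set"; rc=1
    fi
    # COMPOSE_FILE is a colon-separated list on Linux; match a whole entry.
    case ":$compose:" in
        *:idm/external-idp.yml:*) ;;
        *) echo "COMPOSE_FILE does not include idm/external-idp.yml"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample .env reproducing two of the problems (scheme in IDP_DOMAIN,
# external-idp.yml missing from COMPOSE_FILE); host names are placeholders.
sample_env=$(mktemp)
cat > "$sample_env" <<'EOF'
COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml
IDP_DOMAIN=https://idp.example.test
IDP_ISSUER_URL=https://idp.example.test/realms/opencloud
EOF
if check_oidc_env "$sample_env"; then echo "env looks clean"; else echo "fix the problems above"; fi
```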