user_saml [$40]

[Hans-Maulwurf]

I'm trying to get oc7 or oc8 working with user_saml. I set up two instances of simpleSAMLPhp (one IdP and one SP), the test works fine. But when i enable and config the user_saml app, i only get error nostate. I tried the workaround with the cookiename, but it didn't help. Is user_saml working with oc version > 6 at all?

thanks for ur help

[frthjf]

I'd like know that too. Is the app deprecated? If so, are there any plans to build an alternative?

[frthjf]

Some testing showed it seems to work so far in ownCloud 8, but I don't know the AssertionConsumerService value to redirect from IdP. Does anybody know it?

[rr-paras-patel]

@dudheit @Hans-Maulwurf if this issue still open can you elaborate in detail recently i tested it with OC-8.2. I don't face this situation

[frthjf]

It redirects to IdP and login seems to work fine. However, after login I am not sure how to configure the redirection back to the ownCloud (AssertionConsumerService). If I just put in https://my.owncloud.tld/ it shows the ownCloud login screen again. It seems that the login information does not get through to the ownCloud client. This might be problem with my configuration though.

[rr-paras-patel]

Two things you need to check :

1. IdP returns correct parameter https://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_5
2. Please Set RelayState parameter to specify which URL will return after login
   add it to authsources.php:

'default-sp' => array(
    'saml:SP',
    'RelayState' => 'https://sp.example.org/welcome.php',
),

Also please confirm if you use Loadbalancer then sessionID(cookiename) should be same as instanceid local file based phpsession might not work i use memcache.

[pierreozoux]

Was it working for any of you?
If yes, then, it would be nice to update the status of this app :)

[frthjf]

So back in November when I was running into that issue, I actually gave up and used another SSO solution for that particular project. So unfortunately, I cannot confirm whether it eventually works now. However, for me I think it was a configuration issue and it is very likely that it might have worked out with the help of @patelparas (thanks for that). I can only conclude that the implementation of SAML login using that app was anything but easy.
If anybody is interested in figuring it out, I would be happy to release the bugbounty for a proper documentation at apps.owncloud.com.

[rr-paras-patel]

@dudheit @pierreozoux for me it is working fine keep in mind if you use ObjecGUID as uid then you need few changes. if you use long account or email address then you don't need any changes. even in my organization we have enabled both LDAP as well as SAML authentication. for this fix i created PR long time ago... (simple change) but still it is zombie PR.... #2169

[PVince81]

Would any of you guys mind testing the PR #2169 since you got the environment for it ? If it works for you and fixes the issue then it can be merged. Thanks.