Open kleinem86 opened 4 years ago
I just scrolled through other issues and realized this is essentially a duplicate of #80, which is 2 years old now. Should not be too hard to implement imho, because this is a functionality which was definitely available in an older version of the user_saml app.
Hi,
I am providing an answer in this old post because it always shows up on Google without a real solution.
Based on this workaround.
I can use SSO when users have a Kerberos ticket in the office and standard credentials when users are connected from outside the office. The configuration used on my Apache server for authentication is:
```apache
<Location "/index.php/apps/user_saml/saml/login">
    AuthType GSSAPI
    AuthName "Single Sign On Login"
    GssapiCredStore keytab:/etc/httpd/keytab/nextcloud.keytab
    # Keep the negotiated identity in a mod_session cookie
    GssapiUseSessions On
    GssapiLocalName On
    Session On
    SessionCookieName gssapi_session path=/gssapi;httponly;secure;
    require valid-user
    # Clients that cannot answer the Negotiate challenge receive this 401 body
    # and are redirected to the standard login form
    ErrorDocument 401 '<meta http-equiv="refresh" content="0; URL=/index.php/login?direct=1">'
</Location>
```
If the workaround described above can help us, that's good news :)
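A small lint for a `<Location>` block like the one in the comment above, added here as an example and not part of the original thread or of user_saml. It checks that the session cookie carries `secure` and `httponly`, that the cookie `path` covers the protected location (otherwise the browser never returns it and `GssapiUseSessions` has nothing to reuse), and that the 401 fallback stays on the same site; the function names and the abbreviated sample text are constructed for illustration.

```python
import re

# Constructed sample: abbreviated copy of the <Location> block from the comment above.
SAMPLE = """<Location "/index.php/apps/user_saml/saml/login">
AuthType GSSAPI
GssapiUseSessions On
Session On
SessionCookieName gssapi_session path=/gssapi;httponly;secure;
require valid-user
ErrorDocument 401 '<meta http-equiv="refresh" content="0; URL=/index.php/login?direct=1">'
</Location>"""

def parse_location(text):
    """Return (location path, {lower-cased directive: argument string})."""
    m = re.search(r'<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location>', text, re.S | re.I)
    if not m:
        raise ValueError("no <Location> block found")
    directives = {}
    for line in m.group(2).splitlines():
        name, _, args = line.strip().partition(" ")
        if name and not name.startswith("#"):
            directives[name.lower()] = args.strip()
    return m.group(1), directives

def cookie_path_covers(cookie_path, request_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def audit(text):
    """Return a list of findings for a Kerberos-with-fallback block."""
    location, d = parse_location(text)
    findings = []
    if d.get("gssapiusesessions", "").lower() == "on":
        attrs = [a.strip() for a in d.get("sessioncookiename", "").partition(" ")[2].split(";")]
        for flag in ("secure", "httponly"):
            if flag not in (a.lower() for a in attrs):
                findings.append(f"session cookie lacks {flag}")
        cpath = next((a[5:] for a in attrs if a.lower().startswith("path=")), location)
        if not cookie_path_covers(cpath, location):
            findings.append(f"cookie path {cpath} does not cover {location}")
    m = re.match(r"401\s.*?URL=([^\"'>\s]+)", d.get("errordocument", ""), re.I)
    if not m:
        findings.append("no 401 fallback for clients without a ticket")
    elif not m.group(1).startswith("/") or m.group(1).startswith("//"):
        findings.append(f"401 fallback leaves the site: {m.group(1)}")
    return findings
```

Calling `audit(SAMPLE)` returns a single finding about the cookie path; setting `path=` to a prefix of the `<Location>` path clears it.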
Steps to reproduce
Expected behaviour
The SSO configuration Tab does offer the "allow multiple back ends" configuration option. So users on non-domain devices can log in by typing in their credentials.
Actual behaviour
The SSO configuration Tab does not offer the "allow multiple back ends" configuration option. This effectively renders users on non-domain joined devices unable to log in anymore.
Server configuration
Nextcloud version: 17
List of activated apps: user_saml
Apache configuration:
Apache logs:
non-domain joined device
domain joined device