Closed michielbdejong closed 1 year ago
I'm trying to compose a list of moving parts. I think for globalsiteselector and user_saml our PRs have been merged now. Then we have https://github.com/nextcloud/server/pull/35555 And https://github.com/pondersource/server/tree/feat/mfaverified-check (no PR opened yet?) And https://github.com/pondersource/mfaverifiedzone I'll see if I can get the gss flow working with those.
I'll install both mfachecker and mfaverifiedzone.
Latest status, after running composer install on the mounted apps: the setup is apparently not completed for sunet-nc1, maybe the composer command exited unsuccessfully? Will continue debugging tomorrow.
Next problem:
cd servers
./setup-saml.sh
[...]
chowning /var/www/html/config on sunet-nc2
Configuring user_saml on sunet-nc2
OCI runtime exec failed: exec failed: unable to start container process: exec: "./init-nc2-local-saml.sh": stat ./init-nc2-local-saml.sh: no such file or directory: unknown
gitpod-init.sh now reports:
3 errors occurred:
* Error response from daemon: pull access denied for apache-php, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
* Error response from daemon: pull access denied for sunet-nextcloud, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
* Error response from daemon: pull access denied for simple-saml-php, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Fixed...
Next error (in GUI): apps folder is not writable
Ah, this commit line was breaking everything!
curl -k https://sunet-nc2/index.php/apps/user_saml/saml/metadata
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
validUntil="2023-03-15T13:53:31Z"
cacheDuration="PT604800S"
entityID="https://sunet-nc2/index.php/apps/user_saml/saml/metadata">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://sunet-nc2/index.php/apps/user_saml/saml/acs"
index="1" />
</md:SPSSODescriptor>
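The metadata above advertises `AuthnRequestsSigned="false"` and `WantAssertionsSigned="false"`, and the later comments in this thread run into an HTTP-versus-HTTPS mismatch. As an added example (not code from this thread or from user_saml), here is a small check that parses SP metadata of this shape and reports those settings; the embedded sample is constructed to mirror the quoted output, with the truncated closing tag supplied.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample mirroring the shape of the metadata quoted above
# (entityID and Location reuse the thread's test host, not a real deployment).
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  validUntil="2023-03-15T13:53:31Z" cacheDuration="PT604800S"
  entityID="https://sunet-nc2/index.php/apps/user_saml/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://sunet-nc2/index.php/apps/user_saml/saml/acs" index="1" />
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def _xsd_bool(value):
    # XML Schema booleans may be spelled true/false or 1/0; an absent attribute means false.
    return (value or "false").strip().lower() in ("true", "1")


def check_sp_metadata(xml_text):
    """Return a list of findings for an SP's SAML metadata; empty means nothing flagged."""
    root = ET.fromstring(xml_text)
    sp = root.find(f"{{{MD_NS}}}SPSSODescriptor")
    if sp is None:
        return ["no SPSSODescriptor element found"]
    findings = []
    if not _xsd_bool(sp.get("WantAssertionsSigned")):
        # The SP does not advertise that assertions must be signed; confirm that
        # signature validation is still enforced in the SP's own configuration.
        findings.append("WantAssertionsSigned is false")
    if not _xsd_bool(sp.get("AuthnRequestsSigned")):
        findings.append("AuthnRequestsSigned is false: SP does not sign its AuthnRequests")
    for acs in sp.findall(f"{{{MD_NS}}}AssertionConsumerService"):
        # An ACS reachable over plain HTTP exposes the posted assertion in transit.
        location = acs.get("Location", "")
        if not location.startswith("https://"):
            findings.append(f"ACS Location is not HTTPS: {location}")
    return findings
```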
"This version of Nextcloud is not compatible with PHP > 8"
Ah, that one is fixed with a restart, progress!
I renamed 'mfaresterictedzone__tag' to 'mfazone' and 'MFA Verified ... is not verified' to 'multi-factor authentication ... is not verified'
You can "verify MFA" and be in an "MFA verified" state, but you can not "verify MFA verified" :)
Hm, I'm not seeing my change yet in the UI:
And I'll also publish it to the app store
I'm back at metadata not found:
oh, I think this is because HTTP / HTTPS :information_source:
It seems the SSP is not configured for HTTPS and it can just find the configuration by the HTTP scheme.
I linked to the new app repo in https://github.com/pondersource/nextcloud-mfa-awareness and created #37.
Now I'm trying this out on GitPod and updating the readme instructions as I go along.