pulsejet / nextcloud-oidc-login

Nextcloud login via a single OpenID Connect 1.0 provider
https://apps.nextcloud.com/apps/oidc_login
GNU Affero General Public License v3.0
234 stars 63 forks source link

Problem with login_filter #287

Open Iwios opened 3 months ago

Iwios commented 3 months ago

Hello, I have a Nextcloud plug in my Keycloak

I try to filter connexions with a filter value.

But with my configuration, I have this error:

Access to this service is not allowed because you do not have one of the allowed login filter values. If you think this is an error, contact your administrator.

'oidc_login_client_id' => 'test', // Client ID: Step 1 'oidc_login_client_secret' => 'MySecret', // Client Secret: Got to Clients -> Client -> Credentials 'oidc_login_provider_url' => 'https://keycloak.fqdn.fr/realms/My_REALMS', 'oidc_login_end_session_redirect' => true, // Keycloak 18+ 'oidc_login_logout_url' => 'https://keycloak.fqdn.fr/apps/oidc_login/oidc', // Keycloak 18+ 'oidc_login_disable_registration' => false, //'oidc_login_auto_redirect' => true, //'oidc_login_redir_fallback' => true, 'oidc_login_attributes' => array( 'id' => 'preferred_username', 'mail' => 'email', 'login_filter' => 'realm_access_roles', ), 'oidc_login_code_challenge_method' => 'S256', 'oidc_login_filter_allowed_values' => array('default-roles-access'),

This is my configuration for my user:

image

Iwios commented 2 months ago

Ok I have found solution and work!

I have another question, I try to use filter login with a role in the client level and not in realm level.

I try to do this: 'login_filter' => 'resource_access',

But didn't work.

The plugin allow the filter base on role in client level?

Iwios commented 2 months ago

Ok I find the solution. My problem is the mapper client role token was not configured correctly. I need to valid like this:

Capture d’écran du 2024-08-25 00-25-08

Iwios commented 2 months ago

I have last question: Can we put user in admin group based on client role?