Users created through SSO/SAML authentication aren't recognized as new users

[prasunakunasani]

If a user account is created through SAML (https://apps.nextcloud.com/apps/user_saml), they are not recognized as part of 'Set Auto Group membership on user creation').

Therefore, the Auto Group is not assigned to the user upon profile creation.

[stjosh]

Hi, thanks for your interest in this app. As this is s hobby project and since I do not have any test setup with SAML/SSO, I cannot afford to investigate issues related to SAML authentication or generally cross-compatibility with other apps.

The only tested setup is using auto_groups together with Nextcloud‘s built-in user management / login system.

I am happy, though, to accept contributions that fix issues related to other apps as long as these fixes don‘t break the app’s core functionality.

For your specific issue, maybe you have the chance to assign automatic groups in the master user system that is used for SSO?

Thanks for your understanding.

[dermalikmann]

Just today i ran into the same issue. To be precise, it seems that neither the creation nor the login hook seem to be run when using an SAML/SSO user. As auto_groups just uses the default nextcloud even hooks, this seems to be a problem of user_saml instead of auto_groups Ill investigate this a little further, and report back here.

[stjosh]

Many thanks @dermalikmann . Note that we had a similar thing in #42 - it seemed to have worked for sone time, but maybe things have changed again?

[Pyttsen]

This seems to be an issue with 1.5.3, when rolling back to 1.5.2 it works (tested with Nextcloud 27.1.9.1 and user_saml 5.2.7).

[stjosh]

Hi @Pyttsen - thanks, that's interesting! I have changed the event for the "new users" even from "UserLoggedIn"-Event to "PostLoginEvent". Maybe, SSO/SAML only sends the former...

75 seems to address this issue, however, it's not complete as the tests are failing. Maybe, @dermalikmann or someone else is able to complete this PR to make it go through the tests? I'd happily merge it then.

https://github.com/nextcloud/user_saml/pull/851 addresses the same issue on the SSO/SAML side, but that PR is incomplete, too, and won't be merged in that state I assume.

[elainabialkowski]

Hello!

Some clients I'm working for are looking for a feature that auto_groups solves, but require SSO/SAML login. If there's any way I can help move this along, I'd love to volunteer. I can try and get those tests running.

Would the user_saml PR also have to be completed and merged before things worked?

EDIT: Just noticed there's a PR to add the dispatching of PostLoginEvent.

[stjosh]

Hi @elainabialkowski, thanks for stepping in! As I had mentioned elsewhere, I‘ll gladly accept PRs that are reported to fix the combination of auto_groups and SAML/SSO as long as the core functionality of auto_groups is not affected / degraded and as long as the code of auto_groups is not bloated to make the combination work. Personally, I do neither have the time nor do I have a SAML/SSO setup to investigate/fix the combination.

PostLoginEvent dispatching sounds like a perfect, simple candidate to get it running, though. I‘d like it best, since it leaves auto_groups as it is. 😉

Feel free to report back as soon as you have made progress.