On 06/26/2013 12:16 PM, alen vodopijevec wrote:
> Dear OwnCloud-ers,
>
> we have a test implementation of Owncloud instance at our institution
> (since ver. 4.5.0). So far a dozen of our users happily share their
> files and collaborate. "user_saml" is working fine with OC 5.0.7.
>
> Current system specification:
> --
> 1. Owncloud ver. 5.0.7 on Debian GNU Linux system (simplesaml sP)
> 2. A few standard plugins
> 3. user_saml plugin (with a couple of adjustments regarding user
> filtering) for authentication through our national authentication and
> authorization system AAI@EduHr (http://www.aaiedu.hr)
> --
>
> I'm experimenting with the sync client (1.3.0) but there is a catch. When a user
> authenticates (user_saml) for the first time he/she gets a new record in the
> "oc_users" table with a random password -> OK.. simplesamlphp manages user
> login, so the system password is not used for web logins.
>
> PROBLEM:
> Users cannot use sync clients because they don't know their random
> system password and they cannot even change it because of the same
> issue.. Admin user can change other user passwords (after applying patch
> https://github.com/owncloud/core/commit/563f343291fb5d0292c66cb761a053557bfdae47)
> .. that's ok but it's not the real solution.

I think there is a simple solution, if you have access to the LDAP that
is the backend to the identity provider service. Simply untick the
"Autocreate user after SAML login" and set up LDAP auth too. The first
prevents the creation of a record in oc_users. The second provides you
auth for webdav services. This setup works for me quite well.
Yours: Laszlo