From a06077f755e0255fa1e83edc7c2cfe6ad621e14e Mon Sep 17 00:00:00 2001
From: Carl Schwan
Date: Mon, 11 Aug 2025 17:57:01 +0200
Subject: [PATCH] fix(saml): Make the SAML config works with the default config
Signed-off-by: Carl Schwan
---
 docker-compose.yml | 1 +
 docker/configs/var-simplesamlphp/config/config.php | 2 +-
 .../var-simplesamlphp/metadata/saml20-sp-remote.php | 10 +++++-----
 docs/services/sso.md | 6 +++---
 4 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index d2ed7a54..e2945a64 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -41,6 +41,7 @@ services:
 - stable30${DOMAIN_SUFFIX}
 - stable31${DOMAIN_SUFFIX}
 - mail${DOMAIN_SUFFIX}
+ - sso${DOMAIN_SUFFIX}
 - imap${DOMAIN_SUFFIX}
 - collabora${DOMAIN_SUFFIX}
 - codedev${DOMAIN_SUFFIX}
diff --git a/docker/configs/var-simplesamlphp/config/config.php b/docker/configs/var-simplesamlphp/config/config.php
index 991fdeb0..fa4d1cf6 100644
--- a/docker/configs/var-simplesamlphp/config/config.php
+++ b/docker/configs/var-simplesamlphp/config/config.php
@@ -21,7 +21,7 @@
 * external url, no matter where you come from (direct access or via the
 * reverse proxy).
 */
- 'baseurlpath' => 'https://sso.local.dev.bitgrid.net/simplesaml/',
+ 'baseurlpath' => 'https://sso.local/simplesaml/',
 'certdir' => 'cert/',
 'loggingdir' => 'log/',
 'datadir' => 'data/',
diff --git a/docker/configs/var-simplesamlphp/metadata/saml20-sp-remote.php b/docker/configs/var-simplesamlphp/metadata/saml20-sp-remote.php
index aa347eb8..6fde74bc 100644
--- a/docker/configs/var-simplesamlphp/metadata/saml20-sp-remote.php
+++ b/docker/configs/var-simplesamlphp/metadata/saml20-sp-remote.php
@@ -1,6 +1,6 @@ 'https://nextcloud.local.dev.bitgrid.net/index.php/apps/user_saml/saml/metadata', +$metadata['https://nextcloud.local/index.php/apps/user_saml/saml/metadata'] = array ( + 'entityid' => 'https://nextcloud.local/index.php/apps/user_saml/saml/metadata', 'contacts' => array ( ),
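Review bot: The new `baseurlpath` in config.php hard-codes the host `sso.local`, while the alias this commit adds in docker-compose.yml is `sso${DOMAIN_SUFFIX}`, so the IdP's advertised URLs and the proxy alias agree only while DOMAIN_SUFFIX stays at the value the commit title calls the default. The same coupling applies to the `entityid`, ACS and SLS `Location` values in saml20-sp-remote.php, where a mismatch would surface as the IdP not recognising the SP or posting assertions to a host that does not resolve. If the SimpleSAMLphp container receives that variable (not visible in this diff), the line could read `'baseurlpath' => 'https://sso' . (getenv('DOMAIN_SUFFIX') ?: '.local') . '/simplesaml/',`. Otherwise a comment above it such as `// host must match sso${DOMAIN_SUFFIX} in docker-compose.yml` would record the dependency. The enclosing config array starts and ends outside the hunk.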
@@ -11,7 +11,7 @@
 0 =>
 array (
 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
- 'Location' => 'https://nextcloud.local.dev.bitgrid.net/index.php/apps/user_saml/saml/acs',
+ 'Location' => 'https://nextcloud.local/index.php/apps/user_saml/saml/acs',
 'index' => 1,
 ),
 ),
@@ -20,7 +20,7 @@
 0 =>
 array (
 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
- 'Location' => 'https://nextcloud.local.dev.bitgrid.net/index.php/apps/user_saml/saml/sls',
+ 'Location' => 'https://nextcloud.local/index.php/apps/user_saml/saml/sls',
 ),
 ),
 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
@@ -36,4 +36,4 @@
 ),
 'validate.authnrequest' => false,
 'saml20.sign.assertion' => false,
- );
\ No newline at end of file
+ );
diff --git a/docs/services/sso.md b/docs/services/sso.md
index 23285be7..60f1c74f 100644
--- a/docs/services/sso.md
+++ b/docs/services/sso.md
@@ -16,9 +16,9 @@ docker compose up -d proxy nextcloud saml
 ```
 - uid mapping: `urn:oid:0.9.2342.19200300.100.1.1`
-- idp entity id: `https://sso.local.dev.bitgrid.net/simplesaml/saml2/idp/metadata.php`
-- Single Sign-On (SSO) service url: `https://sso.local.dev.bitgrid.net/simplesaml/saml2/idp/SSOService.php`
-- single log out service url: `https://sso.local.dev.bitgrid.net/simplesaml/saml2/idp/SingleLogoutService.php`
+- idp entity id: `https://sso.local/simplesaml/saml2/idp/metadata.php`
+- Single Sign-On (SSO) service url: `https://sso.local/simplesaml/saml2/idp/SSOService.php`
+- single log out service url: `https://sso.local/simplesaml/saml2/idp/SingleLogoutService.php`
 - use certificate from `docker/configs/var-simplesamlphp/cert/example.org.crt`
 ```
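Review bot: Nothing in saml20-sp-remote.php marks this SP entry as a development-only trust configuration, although the ACS `Location` rewritten in the `@@ -11,7` hunk is the registered endpoint to which the IdP delivers assertions for this SP. The context lines of the `@@ -36,4` hunk show the entry still carries `'validate.authnrequest' => false` and `'saml20.sign.assertion' => false`. A comment above the `$metadata[...]` entry would make that explicit, for example `// Dev-only SP entry: AuthnRequest signatures are not validated and assertions are not signed; do not reuse outside the local stack.` Whether the enclosing SAML response is still signed depends on settings not visible in this diff. The metadata array starts and ends outside these hunks.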