Add global scale (gss) support #1011

Merged
merged 3 commits into from
Jan 15, 2025

julien-nc
Member

This adds global scale support in user_oidc.
This requires nextcloud/globalsiteselector#168

  • Adjust LoginController::singleLogoutService to get the provider ID from the GSS logout JWT token
  • Adjust the provisioning service to get the user information needed by GSS and store it in the session (uid, email, display name, quota and groups)
  • Adjust the user backend: add getUserData (inspired by user_saml) to format the user data for the GSS master

Questions/doubts:

  • In LoginController::singleLogoutService we try to get the OIDC login token from the session to optionally pass it as a GET parameter to the "end session endpoint" of the OIDC provider. If the session has died on the GSS master, this won't work. We will pass an empty login token. How bad is this?
  • We don't support the backchannel logout yet
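
Added example (not code from this PR or from user_oidc): one way to build the end-session request so that a missing login token is left out rather than sent empty, using the `id_token_hint`, `client_id`, `post_logout_redirect_uri` and `state` parameters defined by OpenID Connect RP-Initiated Logout 1.0. The function name, client ID and URLs are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper, not user_oidc code.
// Builds an OpenID Connect RP-Initiated Logout 1.0 request URL.
function buildEndSessionUrl(
    string $endSessionEndpoint,
    string $clientId,
    ?string $idToken,
    ?string $postLogoutRedirectUri = null,
    ?string $state = null
): string {
    $params = [];
    if ($idToken !== null && $idToken !== '') {
        // Normal case: the ID token stored at login is still in the session.
        $params['id_token_hint'] = $idToken;
    } else {
        // Session gone: leave id_token_hint out rather than sending it empty,
        // and identify the client with client_id instead.
        $params['client_id'] = $clientId;
    }
    if ($postLogoutRedirectUri !== null) {
        $params['post_logout_redirect_uri'] = $postLogoutRedirectUri;
        if ($state !== null) {
            // Returned by the provider on the redirect so the RP can match it.
            $params['state'] = $state;
        }
    }
    // The endpoint may already carry a query component.
    $sep = strpos($endSessionEndpoint, '?') === false ? '?' : '&';
    return $endSessionEndpoint . $sep
        . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Constructed sample values (placeholders, not from the PR).
$endpoint = 'https://idp.example.test/oidc/logout';
$redirect = 'https://cloud.example.test/';
$state = bin2hex(random_bytes(16));

// Session still alive on the GSS master: the hint is available.
echo buildEndSessionUrl($endpoint, 'nextcloud-client', 'eyJ.constructed.token', $redirect, $state), PHP_EOL;
// Session died: null or empty token, so the request falls back to client_id.
echo buildEndSessionUrl($endpoint, 'nextcloud-client', null, $redirect, $state), PHP_EOL;
echo buildEndSessionUrl($endpoint, 'nextcloud-client', '', $redirect, $state), PHP_EOL;
```

When `id_token_hint` is absent, the specification has the provider ask the end user to confirm the logout, so the visible effect is an extra confirmation step at the provider.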

Member

@juliusknorr juliusknorr left a comment

Some small comments, generally the code looks sane, but I have not tested as discussed.

lib/Controller/LoginController.php (outdated, resolved)
lib/User/Backend.php (resolved)
@@ -509,6 +513,9 @@ public function code(string $state = '', string $code = '', string $scope = '',
$this->userSession->completeLogin($user, ['loginName' => $user->getUID(), 'password' => '']);
$this->userSession->createSessionToken($this->request, $user->getUID(), $user->getUID());
$this->userSession->createRememberMeToken($user);
// TODO server should/could be refactored so we don't need to manually create the user session and dispatch the login-related events
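
Review bot: the `createRememberMeToken($user)` call right after `createSessionToken(...)` is unconditional, so every OIDC login gets a remember-me token and the Nextcloud session can outlive both the local session timeout and the session at the identity provider. The description says backchannel logout is not supported yet, which makes that lifetime harder to cut short from the provider side. Consider creating the remember-me token only when this is the intended behaviour, or add a comment next to the call explaining why it is wanted for OIDC and GSS logins.
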
Member

Can you file an issue in server and reference that? Helps to keep track of other cases or considerations around that.

Member Author

Issue filed: nextcloud/server#50194

Member

@juliusknorr juliusknorr left a comment

Code wise this seems fine 👍

@julien-nc julien-nc merged commit fb9a2d4 into main Jan 15, 2025
45 checks passed
@julien-nc julien-nc deleted the enh/noid/gss branch January 15, 2025 10:25
@julien-nc julien-nc mentioned this pull request Jan 20, 2025
Labels
3. to review enhancement New feature or request