
Commit 6aaa8f5

committed
fix(inst): consider domains >= UCS 5.1 where Keycloak is not yet installed
Fixes: #204 Signed-off-by: Florian Best <best@univention.de>
1 parent d33d221 commit 6aaa8f5

1 file changed

Lines changed: 14 additions & 7 deletions


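--- a/inst
+++ b/inst
@@ -265,7 +265,12 @@ nextcloud_configure_saml() {
 $SETCMD general-require_provisioned_account --value="1"
 $SETCMD general-allow_multiple_user_back_ends --value="1"
 
+
 if ! ucs_needsKeycloakSetup "$@"; then
+if dpkg --compare-versions "${version_version}" gt "5.0"; then
+echo "Skipping SAML configuration. No IDP configured for use."
+return
+fi
 # SimpleSAMLphp (UCS 5.0 or lower)
 udm saml/serviceprovider create "$@" \
 --ignore_exists \
@@ -289,7 +294,7 @@ nextcloud_configure_saml() {
 --idp-singleLogoutService.url="https://${ucs_server_sso_fqdn}/simplesamlphp/saml2/idp/SingleLogoutService.php" \
 --idp-singleSignOnService.url="https://${ucs_server_sso_fqdn}/simplesamlphp/saml2/idp/SSOService.php" \
 --idp-entityId="https://${ucs_server_sso_fqdn}/simplesamlphp/saml2/idp/metadata.php" \
-1
+1 || die "Could not configure simpleSAMLphp as Nextcloud Identity Provider"
 else
 IDP_CERT=$(univention-keycloak "$@" saml/idp/cert get --as-pem --output /dev/stdout)
 SSO_URL="$(univention-keycloak "$@" get-keycloak-base-url)"
@@ -299,12 +304,12 @@ nextcloud_configure_saml() {
 --idp-singleLogoutService.url="$SSO_URL/realms/ucs/protocol/saml" \
 --idp-singleSignOnService.url="$SSO_URL/realms/ucs/protocol/saml" \
 --idp-entityId="$SSO_URL/realms/ucs" \
-1
+1 || die "Could not configure Keycloak as Nextcloud Identity Provider"
 
 # Keycloak (starting with UCS 5.1 or optionally manually migrated UCS 5.0)
 univention-keycloak "$@" saml/sp create \
 --metadata-url="https://$hostname.$domainname/nextcloud/apps/user_saml/saml/metadata" \
---role-mapping-single-value || die
+--role-mapping-single-value || die "Could not configure Nextcloud Service Provider as Keycloak"
 fi
 }
 
@@ -317,16 +322,18 @@ nextcloud_modify_users() {
 
 SP_DN=$(univention-ldapsearch -LLL SAMLServiceProviderIdentifier=https://$hostname.$domainname/nextcloud/apps/user_saml/saml/metadata dn | cut -d ' ' -f 2)
 
+has_simplesamlphp=false
+if ! ucs_needsKeycloakSetup "$@" && dpkg --compare-versions "${version_version}" lt "5.1"; then
+has_simplesamlphp=true
+fi
+
 for dn in $(udm users/user list "$@" --filter "$nextcloud_ucs_modifyUsersFilter" | sed -ne 's/^DN: //p') ; do
 echo "modifying $dn .."
 udm users/user modify "$@" --dn "$dn" \
 --set nextcloudEnabled="$nextcloud_ucs_userEnabled" \
 --set nextcloudQuota="$nextcloud_ucs_userQuota"
 
-if ! ucs_needsKeycloakSetup "$@"; then
-udm users/user modify "$@" --dn "$dn" \
---append serviceprovider="$SP_DN"
-fi
+[ "$has_simplesamlphp" = "true" ] && udm users/user modify "$@" --dn "$dn" --append serviceprovider="$SP_DN"
 done
 }
 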
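Review bot: The new last statement of the loop in nextcloud_modify_users, `[ "$has_simplesamlphp" = "true" ] && udm users/user modify ...`, makes the loop (and so the function) finish with exit status 1 whenever has_simplesamlphp is false and at least one user was processed; the removed `if ... fi` returned 0 in that case. If the caller runs under `set -e` or tests the return value (not visible here), the script would stop on every Keycloak or UCS >= 5.1 domain, so I would keep the `if` form: `if [ "$has_simplesamlphp" = "true" ]; then udm users/user modify "$@" --dn "$dn" --append serviceprovider="$SP_DN"; fi`. Separately, in nextcloud_configure_saml the early `return` comes after the two `$SETCMD general-*` calls, so those settings are still written when SAML is reported as skipped; a short comment stating whether that is intended would help. The message `"Could not configure Nextcloud Service Provider as Keycloak"` probably means "in Keycloak". Both functions start outside the visible hunks.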
