Kjeld Schouten

@danb35 Please remove the crap about DNS-O-MATIC and Cloudflare completely... Cloudflare already has its own API which can be used on a lot of platforms to setup dyndns.

Check the "referer" request header. This is mostly to a referer header stating something other than "https://fetlife.com"*

The whole thing with OIDC is that it is supposed to delegate ALL authentication to an external party. Including 2FA. Guess complaining with upstream standards committees might be best...

@djessich please rebase so @pulsejet can finally have a look...

It already has a nice orange "invalid metadata" tag to the right of the button. Simple fix would be just disabling the button and it would be pretty clear for...

@fri-sch Well I don't know if something else broke. But it isn't. I don't even get how a logout request from the IDP would ever lead to a session being...

@Spacelord09 considering my research in #455 and the 19(!) open PR's and 95(!) open Issues (which both barely get any response from Nextcloud, if at all), I think you know...

I spend days going through the code finding out why SAML SLO wasn't working. The cause was quite clear, see my research in my own issue about this: They changed...

> When clicking on `Show optional Identity Provider settings` you can set `URL Location of the IdP where the SP will send the SLO Request`. I've set this to `https://adfs.domain.tld/adfs/ls/?wa=wsignout1.0`...

SAML logout shouldn't put your user in some sort of cascade of different logout urls's for different SP's. It should de SLO in the background and each SP should invalidate...