
Enhance SP settings configuration

Open SalimHaddou opened this issue 9 years ago • 2 comments

Hi,

When I did my initial configuration I used the IP address of my Nextcloud, therefore the SP's metadata were not using the target SP domain name, so we should start the SAML config after adding a trusted domain name and managing Nextcloud using it (that is not super obvious at first). Maybe you could add a field for the SP setting where the SP entity ID is configurable?

Additionally, I am using Nextcloud behind a reverse proxy that does the SSL offloading. In this scenario, although the client is using HTTPS only, the AuthnRequest generated by the server contains an Issuer with http only (because it's hit using plain http on the server side, I suppose). It'd be great to support this scenario and have the SP aware it's being SSL offloaded by being able to configure (advanced view?) EntityID, Issuer, ACS with https no matter what...

The first field under general is where the attribute is expected to match the username. When a value is in that field, you no longer know what that field is for (the only explanation is there when the field is cleared). I normally use the SAML subject for user identification but here only an attribute works; couldn't you allow the subject to map the username and only use attributes for group, group admin, quota?

Finally, do you intend to:

  • Allow IdP metadata import to simplify IdP configuration?

  • Support multiple IdPs (hostname based)?

Thank you. And keep up the good work!

Salim

SalimHaddou avatar Nov 12 '16 12:11 SalimHaddou
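A check an administrator could run on their own SP metadata for the situation reported above (setup via IP address, TLS terminated at a reverse proxy). This is an added example, not code from the thread or from user_saml; the metadata sample, its URL paths, `cloud.example.org` and the function names are constructed for illustration, and it assumes the entityID is URL-shaped.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample (not real user_saml output): metadata generated while the
# SP was reached by IP address over plain HTTP behind a TLS-offloading proxy.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://192.0.2.10/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://192.0.2.10/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_url(label, url, public_host):
    """Return findings for one URL the IdP will see (assumes URL-shaped values)."""
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        findings.append(f"{label}: scheme {parts.scheme!r}, expected 'https'")
    try:
        ipaddress.ip_address(host)
        findings.append(f"{label}: host is an IP address ({host})")
    except ValueError:
        if host.lower() != public_host.lower():
            findings.append(f"{label}: host {host!r} is not {public_host!r}")
    return findings


def audit_sp_metadata(xml_text, public_host):
    """Check entityID and every ACS Location in your own SP's metadata."""
    findings = []
    root = ET.fromstring(xml_text)  # only parse metadata from your own SP
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        findings += check_url("entityID", entity.get("entityID", ""), public_host)
        for acs in entity.iter(f"{{{MD}}}AssertionConsumerService"):
            findings += check_url("ACS", acs.get("Location", ""), public_host)
    return findings


if __name__ == "__main__":
    for line in audit_sp_metadata(SAMPLE_METADATA, "cloud.example.org"):
        print(line)
```

Any finding means the IdP would be registered with an entityID or ACS URL that does not match what browsers actually use, which is the mismatch the report describes.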

Fixed some of the issues with https://github.com/nextcloud/user_saml/pull/816

solracsf avatar Mar 20 '24 15:03 solracsf

  • Multiple IdPs have been there for a long time already, but are not connected to hostnames. There is a contribution, though, that addresses it: https://github.com/nextcloud/user_saml/pull/815

  • Config by metadata import is not there, and currently it is not on the roadmap.

blizzz avatar Mar 20 '24 19:03 blizzz