user_saml icon indicating copy to clipboard operation
user_saml copied to clipboard

Published 20 hours ago verified publisher icon nextcloud

SAML groups not fully compatible with Group-folders app

Open jo-krk opened this issue 10 months ago • 3 comments

Hi,

I'm not sure if it's a problem of Nextlcloud Server or user_saml app or groupfolders app, but perhaps you could help me to identify that at least. Thanks!

Steps to reproduce

  1. Add user Bob to group group-A in your IDP (In my case: Keycloak)
  2. Login with user Bob to Nextcloud
  3. group-A is now visible for Admins in my-nextcloud.com/index.php/settings/users
  4. Configure 'Group folder' for group-A in my-nextcloud.com/index.php/settings/admin/groupfolders , let's call it group-A-folder
  5. Create new user Alice add them to group group-A in IDP , but do not login with this user yet.
  6. Remove user Bob from group group-A
  7. Logout & login again with user Bob
  8. Group group-A is no longer visible for Admins in my-nextcloud.com/index.php/settings/users , because last active user doesn't belong to it anymore (?)
  9. Check 'Group folders' config (my-nextcloud.com/index.php/settings/admin/groupfolders) group-A-folder is still there, but as group-A is missing - it's assigned to "None" of the groups
  10. Login with user Alice and confirm that user can't see group-A-folder

Expected behaviour

Groups should be preserved even if last active member has left the group.

Actual behaviour

Groups are dropped as soon as last active member doesn't belong to the group anymore, that breaks compatibility with groupfolders app, even though 'External storage' (my-nextcloud.com/index.php/settings/admin/externalstorages) is preserving those groups

Server configuration

Operating system: Ubuntu 22.04.2 LTS

Web server: Apache

Database: Mariadb

PHP version: 8.1

Nextcloud version: 28.0.4

List of activated apps:

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - circles: 28.0.0
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contactsinteraction: 1.9.0
  - dashboard: 7.8.0
  - dav: 1.29.1
  - external: 5.3.1
  - federatedfilesharing: 1.18.0
  - federation: 1.18.0
  - files: 2.0.0
  - files_external: 1.20.0
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - firstrunwizard: 2.17.0
  - forms: 4.1.1
  - groupfolders: 16.0.6
  - impersonate: 1.15.0
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - nextcloud_announcements: 1.17.0
  - notifications: 2.16.0
  - oauth2: 1.16.3
  - password_policy: 1.18.0
  - photos: 2.4.0
  - polls: 7.0.3
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - qownnotesapi: 24.4.0
  - related_resources: 1.3.0
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - support: 1.11.1
  - survey_client: 1.16.0
  - systemtags: 1.18.0
  - text: 3.9.1
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - updatenotification: 1.18.0
  - user_saml: 6.1.3
  - user_status: 1.8.1
  - viewer: 2.2.0
  - weather_status: 1.8.0
  - workflowengine: 2.10.0

jo-krk avatar Apr 17 '24 15:04 jo-krk