docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon owncloud

[MS Teams Integration] Add section "how to authenticate via basic auth"

Open tbsbdr opened this issue 3 years ago • 2 comments

WHAT Needs to be Documented?

How to authenticate via Basic Auth within the MS Teams integration if you don't want or have Azure AD. @fschade please check if Steps 1-2 are correct instructions.

this need to be documented:

Step 1:

Add a header directive Add a header directive to the Apache .htaccess configuration located in your ownCloud web root in section <IfModule mod_env.c>. You can set this directive also in your vHosts config if you use one. Header merge Content-Security-Policy "frame-ancestors teams.microsoft.com *.teams.microsoft.com"

Step 2:

Allow cookies in all contexts Allow Cookies to be set in all contexts, i.e in responses to both first-party and cross-origin requests. config.php: 'http.cookie.samesite' => 'None'

WHERE Does This Need To Be Documented (Link)?

https://doc.owncloud.com/server/10.7/admin_manual/configuration/integration/ms-teams.html

WHY Should This Change Be Made?

To give users the chance to use the MS Teams integration even without Azure AD eg. in private setups.

(Optional) What Type Of Content Change Is This?

  • [x] New Content Addition
  • [ ] Old Content Deprecation
  • [ ] Existing Content Simplification
  • [ ] Bug Fix to Existing Content

(Optional) Which Manual Does This Relate To?

  • [x] Admin Manual
  • [ ] Developer Manual
  • [ ] User Manual
  • [ ] Android
  • [ ] iOS
  • [ ] Branded Clients
  • [ ] Desktop Client
  • [ ] Other

tbsbdr avatar Apr 30 '21 06:04 tbsbdr

@tbsbdr, the header can be added in apache for example too, bbut it's a different syntax compared to the htaccess one. the Add a header directive is required by booth (oidc, basic auth). so maybe it should be in a general "groundwork" section.

fschade avatar Apr 30 '21 07:04 fschade

Heads up!

  1. manipulating ownClouds .htaccess file results in a broken integrity check
  2. changing content security policies might break things easily if not well tested

Remedy: use a merge header in Apaches vHost config:

Header merge Content-Security-Policy "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com"

The missing part was the "self" directive which results in blocked frame/iframe/... usage from cloud.owncloud.com itself:

image

tbsbdr avatar Apr 30 '21 09:04 tbsbdr