I would like to set up a dokuwiki for my nextcloud users, preferably so that the users and groups are identical in regards to access permissions in the wiki and there is no need to log in again.
Having the option to access the files from the nextcloud directly (or at least via the upload mechanism in Dokuwiki) would be of course a plus.
It seems like there used to be Dokuwiki plugins for Owncloud, but without any updates for a long time. See for example:
The more interesting authentication plug-in seems to have been updated somewhat more recently as a fork here:
It seems like it now uses the User provisioning API, which I assume is still not changed that much from early 2016 Owncloud? However it also states:
Use the OC provisioning API all over the place.
Drawback: we need either to tweak OC to use cookie-auth for the API
calls, or decode the dokuwiki password from the DokuWiki cookie (ouch).
I am not really able to do much more than small changes to existing plugins, so if anyone more experienced would like to take this up, that would be really awesome. However, some hints as to how far those old OC plugins could still be “updatable” without rewriting much would also be appreciated.
There is also this somewhat outdated one (check the OC 8.2 branch, last updated early 2016):
Ok, I think I found a way to synchronize login data: there is a nice Dokuwiki plugin that can authenticate against a Wordpress blog, and with the user_sql plugin it should be possible to link Nextcloud to the Wordpress database as well.
Sadly the user_sql is not available in the appstore for NC12, but it can be found here:
While it seems quite easy to create a SAML 2.0 IDP with wordpress using simpleSAMLphp and something like this: https://github.com/pitbulk/ssp-wordpress-authentication
(or one of the ready-made SAML server WP plug-ins, but I dislike the freemium approach of so many of the WP plug-ins where the open source core functionality is intentionally cut down to incentivize you to upgrade)
I am wondering if Nextcloud can also be easily set up as a SAML 2.0 IDP? I think the existing SAML 2.0 SSO that is part of the core plugins only allows logging into an external SAML IDP, but I guess getting SimpleSAMLphp to authenticate against a Nextcloud DB should not be that difficult. Anyone got such a system working?
While I didn’t yet find the time to test it with the Dokuwiki plugin, I hacked together a SimpleSAMLphp IDP auth plugin that authenticates against the Nextcloud12 DB. More or less untested and not recommended by the Nextcloud developers, but maybe of some use for someone other than me:
Since the attribute names are all specified in the SQL query, it is quite flexible and can even pass on group membership in its current form.
Can’t really help you with that, as I never got around to configuring that (and it seems that the nextcloud SAML app does not do anything other than auth and you need LDAP to get the user data etc.).
The simpleSAMLphp plugin I linked above is to get the IDP data directly out of the Nextcloud database to authenticate other services against it… so practically Nextcloud is only indirectly involved in it.
From a paying (enterprise) customer point of view there is already real support, as both can be integrated via LDAP.
And from a hobbyist’s perspective you can hack a “good enough” solution together like I did in much less time than it would take to write a specialized plugin for it.
Would be nice if Nextcloud could act as an OpenID Connect endpoint at some point in the future to make this easier, but this has been asked for several times before and it seems very low on their priority list (or they are waiting for a paying customer to ask for it).
Hey, swinging back around on this. Now that oauth is being used extensively by the #apps:dashboard in /settings/admin/connected-accounts I’m wondering if we’ll finally be able to get Kanboard and DokuWiki authenticating.
Hoping to update current status on this… thanks for spending so much time sorting through it!
Nextcloud OAuth2 implementation currently does not support scoped access. This means that every token has full access to the complete account including read and write permission to the stored files. It is essential to store the OAuth2 tokens in a safe way!
Without scopes and restrictable access it is not recommended to use a Nextcloud instance as a user authentication service.