Configuring environment based authentication : REMOTE_USER

Franck_TURLAN · March 29, 2017, 8:14am

Hi,

My database is not set.
I have executed the sql queries directly in base to have authentication.
But now the USER is still null.

MYSQL :
update oc_appconfig SET configvalue = “environment-variable” where appid = “user_saml” and configkey = “type” ;

LOG APACHE :
Wed Mar 29 10:56:08.620277 2017] [auth_kerb:debug] [pid 14048] src/mod_auth_kerb.c(1590): [client 10.156.240.40:61814] matched previous auth request
[Wed Mar 29 10:56:08.620412 2017] [auth_kerb:debug] [pid 14048] src/mod_auth_kerb.c(1558): [client 10.156.240.40:61814] kerb_authenticate_a_name_to_local_name mtoto01@AD.INFRA.TEST -> mtoto01
[Wed Mar 29 10:56:08.620440 2017] [authz_core:debug] [pid 14048] mod_authz_core.c(802): [client 10.156.240.40:61814] AH01626: authorization result of Require valid-user : granted
[Wed Mar 29 10:56:08.620447 2017] [authz_core:debug] [pid 14048] mod_authz_core.c(802): [client 10.156.240.40:61814] AH01626: authorization result of : granted

LOG NEXTCLOUD :
":“GET”,“url”:"/cron.php",“user”:"–",“version”:“11.0.2.7”}
{“reqId”:“sXhjQkIE3aWH7lYqO2ef”,“remoteAddr”:“10.156.248.99”,“app”:“user_ldap”,“message”:“No DN found for on dc102.ad.infra.test”,“level”:0,“time”:“2017-03-29T08:50:54+00:00”,“method”:“GET”,“url”:"/cron.php",“user”:"–",“version”:“11.0.2.7”}
{“reqId”:“sXhjQkIE3aWH7lYqO2ef”,“remoteAddr”:“10.156.248.99”,“app”:“user_ldap”,“message”:“No DN found for on ldap.oc.test”,“level”:0,“time”:“2017-03-29T08:50:54+00:00”,“method”:“GET”,“url”:"/cron.php",“user”:"–",“version”:“11.0.2.7”}
{“reqId”:“sXhjQkIE3aWH7lYqO2ef”,“remoteAddr”:“10.156.248.99”,“app”:“user_ldap”,“message”:“No DN found for on dc102.ad.infra.test”,“level”:0,“time”:“2017-03-29T08:50:54+00:00”,“method”:“GET”,“url”:"/cron.php",“user”:"–",“version”:“11.0.2.7”}
{“reqId”:“sXhjQkIE3aWH7lYqO2ef”,“remoteAddr”:“10.156.248.99”,“app”:“user_ldap”,“message”:“No DN found for on ldap.oc.test”,“level”:0,“time”:“2017-03-29T08:50:54+00:00”,“method”:“GET”,“url”:"/cron.php",“user”:"–",“version”:“11.0.2.7”}
{“reqId”:“sXhjQkIE3aWH7lYqO2ef”,“remoteAddr”:“10.156.248.99”,“app”:“user_ldap”,“message”:“No DN found for on dc102.ad.infra.test”,“level”:0,“time”:“2017-03-29T08:50:54+00:00”,“method”:“GET”,“url”:"/cron.php",“user”:"–",“version”:“11.0.2.7”}
{“reqId”:“sXhjQkIE3aWH7lYqO2ef”,“remoteAddr”:“10.156.248.99”,“app”:“user_ldap”,“message”:“No DN found for on ldap.oc.test”,“level”:0,“time”:“2017-03-29T08:50:54+00:00”,“method”:“GET”,“url”:"/cron.php",“user”:"–",“version”:“11.0.2.7”}

Franck_TURLAN · March 29, 2017, 1:24pm

Hi,

I’ve resolved my problem.

update oc_appconfig SET configvalue = “REMOTE_USER” where appid = “user_saml” and configkey = “general-uid_mapping” ;

INSERT INTO oc_user_saml_users (uid, displayname) VALUES (‘mtoto01’, ‘Monsieur toto’) ;

jm009 · September 29, 2017, 5:21am

For PostgreSQL I had to write it with single quotes:

update oc_appconfig SET configvalue = 'REMOTE_USER' where appid = 'user_saml' and configkey = 'general-uid_mapping';
INSERT INTO oc_user_saml_users (uid, displayname) VALUES ('admin', 'Administrator') ;

I have managed running Nextcloud with the Tomcat web server. The Tomcat CGIServlet also creates an environment variable REMOTE_USER.

By the way:
To disable the SSO & SAML app, I had to do

update oc_appconfig SET configvalue='no' where appid='user_saml' and configkey='enabled';