Configuring mod_auth_openidc for Nextcloud SAML
# basic configs as found in the README
OIDCProviderMetadataURL <link_to_IPs_configs>
OIDCClientID <client_id>
OIDCClientSecret <client_secret>
OIDCRedirectURI http://example.org/index.php/apps/user_saml/saml/login/callback
OIDCCryptoPassphrase <passphrase>

# turn off if no https configured
# this disables TLS certificate validation of the provider's endpoints
# useful for testing purposes
OIDCSSLValidateServer Off

# setting REMOTE_USER to the user's email
# only works if also pulling the email scope. See below
OIDCRemoteUserClaim email

# remember to always include openid
OIDCScope "openid email profile"

# to make sure that the Google account is verified I am pulling the email_verified claim
# however, headers containing underscores are being blocked from Apache version < 2.4
# so this is the magical workaround
# credit goes to Andrew for his answer here: https://serverfault.com/questions/900739/change-underscore-to-dash-in-apache-header
RequestHeader set oidc-claim-email-verified "expr=%{req:oidc_claim_email_verified}"

<VirtualHost *:80>
    ServerName example.org
    DocumentRoot /var/www/nextcloud
    <Location /index.php/apps/user_saml/saml/login>
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>
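
A hardened variant of the configuration above for a host served over HTTPS, added here as an example and not part of the original gist: provider certificate validation stays on, the redirect URI uses https, and Apache itself refuses sessions whose `email_verified` claim is not true instead of only forwarding the claim as a header. The certificate paths are placeholders, and the `Require claim email_verified:true` line assumes the provider sends the claim as a JSON boolean.

```apache
# Added example: hardened variant of the gist's configuration.
# Values in <...> are placeholders, as in the original.
OIDCProviderMetadataURL <link_to_IPs_configs>
OIDCClientID <client_id>
OIDCClientSecret <client_secret>
# the redirect URI registered with the provider must also use https
OIDCRedirectURI https://example.org/index.php/apps/user_saml/saml/login/callback
OIDCCryptoPassphrase <passphrase>

# validate the provider's TLS certificate on metadata, token and userinfo calls
OIDCSSLValidateServer On

OIDCRemoteUserClaim email
OIDCScope "openid email profile"

# still forward the claim to the application under a dash-separated header name;
# "set" overwrites any header of the same name sent by the client
RequestHeader set oidc-claim-email-verified "expr=%{req:oidc_claim_email_verified}"

<VirtualHost *:443>
    ServerName example.org
    DocumentRoot /var/www/nextcloud

    SSLEngine on
    SSLCertificateFile <path_to_certificate>
    SSLCertificateKeyFile <path_to_private_key>

    <Location /index.php/apps/user_saml/saml/login>
        AuthType openid-connect
        <RequireAll>
            Require valid-user
            # assumption: email_verified arrives as a JSON boolean
            Require claim email_verified:true
        </RequireAll>
    </Location>
</VirtualHost>
```

With the check enforced in `<Location>`, an unverified account is rejected before the request reaches Nextcloud, so the application no longer has to trust the forwarded header on its own.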