diff --git a/authentik/policies/views.py b/authentik/policies/views.py
index 844a939e2..b10ed4265 100644
--- a/authentik/policies/views.py
+++ b/authentik/policies/views.py
@@ -82,7 +82,7 @@ class PolicyAccessView(AccessMixin, View):
 policy_engine.build()
 result = policy_engine.result
 LOGGER.debug(
- "AccessMixin user_has_access",
+ "PolicyAccessView user_has_access",
 user=user,
 app=self.application,
 result=result,
diff --git a/website/docs/integrations/services/nextcloud/index.md b/website/docs/integrations/services/nextcloud/index.md
new file mode 100644
index 000000000..516ef06af
--- /dev/null
+++ b/website/docs/integrations/services/nextcloud/index.md
@@ -0,0 +1,61 @@
+---
+title: NextCloud
+---
+
+## What is NextCloud
+
+From https://en.wikipedia.org/wiki/Nextcloud
+
+:::note
+Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices.
+:::
+
+:::warning
+This setup only works, when NextCloud is running with HTTPS enabled.
+:::
+
+:::warning
+In case something goes wrong with the configuration, you can use the URL `http://nextcloud.company/login?direct=1` to log in using the built-in authentication.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+- `nextcloud.company` is the FQDN of the NextCloud install.
+- `authentik.company` is the FQDN of the authentik install.
+
+Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
+
+- ACS URL: `https://nextcloud.company/apps/user_saml/saml/metadata`
+- Audience: `https://nextcloud.company/apps/user_saml/saml/acs`
+- Issuer: `https://authentik.company`
+- Service Provider Binding: `Post`
+- Property mappings: Select all Autogenerated mappings.
+
+You can of course use a custom signing certificate, and adjust durations.
+
+## NextCloud
+
+In NextCloud, navigate to `Settings`, then `SSO & SAML Authentication`.
+
+Set the following values:
+
+- Attribute to map the UID to.: `urn:oid:0.9.2342.19200300.100.1.1`
+- Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
+- Identifier of the IdP entity (must be a URI): `https://authentik.company`
+- URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml//sso/binding/redirect/`
+
+Under Attribute mapping, set these values:
+
+- Attribute to map the displayname to.: `urn:oid:2.16.840.1.113730.3.1.241`
+- Attribute to map the email address to.: `urn:oid:0.9.2342.19200300.100.1.3`
+- Attribute to map the users groups to.: `member-of`
+
+## Group Quotas
+
+Create a group for each different level of quota you want users to have. Set a custom attribute, for example called `nextcloud_quota`, to the quota you want, for example `15 GB`.
+
+Afterwards, create a custom SAML Property Mapping with the name `SAML NextCloud Quota`.
+Set the *SAML Name* to `nextcloud_quota`.
+Set the *Expression* to `return user.group_attributes.get("nextcloud_quota", "1 GB")`, where `1 GB` is the default value for users that don't belong to another group (or have another value set).
diff --git a/website/sidebars.js b/website/sidebars.js
index e5b508a46..4c313dccb 100644
--- a/website/sidebars.js
+++ b/website/sidebars.js
@@ -103,6 +103,7 @@ module.exports = {
 "integrations/services/gitlab/index",
 "integrations/services/harbor/index",
 "integrations/services/home-assistant/index",
+ "integrations/services/nextcloud/index",
 "integrations/services/rancher/index",
 "integrations/services/sentry/index",
 "integrations/services/sonarr/index",