trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update index.md 

Replace user.ak_groups.all() with user.all_groups per 2023.8 release notes in Admin Group

Update Expression in Admin group to only pass groups that start with 'NC-' to NextCloud.  Add verbiage around naming for admin group.

Signed-off-by: Sean Dion <smdion@gmail.com>
This commit is contained in:
Sean Dion 2023-10-26 12:39:35 -05:00 committed by GitHub
parent e086da68cd
commit 4865864d97
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
website/integrations/services/nextcloud/index.md
View File

@ -98,13 +98,14 @@ To give authentik users admin access to your Nextcloud instance, you need to cre
Create a custom SAML Property Mapping:
- Set the _SAML Attribute Name_ to `http://schemas.xmlsoap.org/claims/Group`.
- Set the _Expression_ to:
- Set group names that you want to passthrough to start with 'NC-'
- Set the admin group to 'NC-Admin'
- Set the _Expression_ to (the 'NC-' will be removed before sending to Nextcloud):
```python
for group in user.ak_groups.all():
yield group.name
if ak_is_group_member(request.user, name="<authentik nextcloud admin group's name>"):
yield "admin"
groups = [group.name for group in user.all_groups() if group.name.startswith("NC-")]
for group in groups:
yield group[3:]
```
Then, edit the Nextcloud SAML Provider, and replace the default Groups mapping with the one you've created above.