configure nextcloud sso app with same variable
parent
f9cb785cf8
commit
e6b11a5acb
1 changed files with 10 additions and 8 deletions
|
@ -869,7 +869,14 @@ in
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
|
||||||
(lib.mkIf cfg.apps.sso.enable {
|
(let
|
||||||
|
scopes = [
|
||||||
|
"openid"
|
||||||
|
"profile"
|
||||||
|
"email"
|
||||||
|
"groups"
|
||||||
|
];
|
||||||
|
in lib.mkIf cfg.apps.sso.enable {
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
assertion = cfg.apps.sso.enable -> cfg.apps.ldap.enable;
|
assertion = cfg.apps.sso.enable -> cfg.apps.ldap.enable;
|
||||||
|
@ -920,7 +927,7 @@ in
|
||||||
};
|
};
|
||||||
oidc_login_default_group = "oidc";
|
oidc_login_default_group = "oidc";
|
||||||
oidc_login_use_external_storage = false;
|
oidc_login_use_external_storage = false;
|
||||||
oidc_login_scope = "openid profile email groups";
|
oidc_login_scope = lib.concatStringsSep " " scopes;
|
||||||
oidc_login_proxy_ldap = false;
|
oidc_login_proxy_ldap = false;
|
||||||
# Enable creation of users new to Nextcloud from OIDC login. A user may be known to the
|
# Enable creation of users new to Nextcloud from OIDC login. A user may be known to the
|
||||||
# IdP but not (yet) known to Nextcloud. This setting controls what to do in this case.
|
# IdP but not (yet) known to Nextcloud. This setting controls what to do in this case.
|
||||||
|
@ -957,12 +964,7 @@ in
|
||||||
public = false;
|
public = false;
|
||||||
authorization_policy = cfg.apps.sso.authorization_policy;
|
authorization_policy = cfg.apps.sso.authorization_policy;
|
||||||
redirect_uris = [ "${protocol}://${fqdnWithPort}/apps/oidc_login/oidc" ];
|
redirect_uris = [ "${protocol}://${fqdnWithPort}/apps/oidc_login/oidc" ];
|
||||||
scopes = [
|
inherit scopes;
|
||||||
"openid"
|
|
||||||
"profile"
|
|
||||||
"email"
|
|
||||||
"groups"
|
|
||||||
];
|
|
||||||
userinfo_signing_algorithm = "none";
|
userinfo_signing_algorithm = "none";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
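Review bot: The new `scopes` binding in the first hunk carries no comment, yet after this change one list feeds both `oidc_login_scope` (what Nextcloud requests) and `inherit scopes;` in the client entry of the third hunk (what the IdP will allow for this client), so any later edit widens both sides at once. I would add above the binding `# Requested by oidc_login and allowed for this client on the IdP; keep "openid" and add a scope only when Nextcloud needs the claim.` The `groups` entry presumably backs the group handling around `oidc_login_default_group`, which is worth stating in the same comment if that is the case. The `(let … in lib.mkIf cfg.apps.sso.enable {` block opens in the first hunk and closes outside the visible lines, so the matching `)` could not be checked from here.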