diff --git a/changelog/unreleased/fix-ocm-external-idp.md b/changelog/unreleased/fix-ocm-external-idp.md
new file mode 100644
index 00000000000..c26aea5b1a0
--- /dev/null
+++ b/changelog/unreleased/fix-ocm-external-idp.md
@@ -0,0 +1,7 @@
+Bugfix: Fix federated sharing when using an external IDP
+
+We fixed a bug that caused federated sharing to fail, when the
+federated oCIS instances where sharing the same external IDP.
+
+https://github.com/owncloud/ocis/pull/1xxxx
+https://github.com/cs3org/reva/pull/4933
diff --git a/services/graph/pkg/identity/backend.go b/services/graph/pkg/identity/backend.go
index 8f3d09686c3..976f97d5ce2 100644
--- a/services/graph/pkg/identity/backend.go
+++ b/services/graph/pkg/identity/backend.go
@@ -8,7 +8,6 @@ import (
 "github.com/CiscoM31/godata"
 cs3group "github.com/cs3org/go-cs3apis/cs3/identity/group/v1beta1"
 cs3user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
- ocmuser "github.com/cs3org/reva/v2/pkg/ocm/user"
 libregraph "github.com/owncloud/libre-graph-api-go"
 "github.com/owncloud/ocis/v2/services/graph/pkg/errorcode"
 )
@@ -134,12 +133,6 @@ func CreateUserModelFromCS3(u *cs3user.User) *libregraph.User {
 OnPremisesSamAccountName: u.GetUsername(),
 Id: &u.GetId().OpaqueId,
 }
- // decode the remote id if the user is federated
- if u.GetId().GetType() == cs3user.UserType_USER_TYPE_FEDERATED {
- remoteID := ocmuser.RemoteID(u.GetId())
- user.Identities[0].Issuer = &remoteID.Idp
- user.Identities[0].IssuerAssignedId = &remoteID.OpaqueId
- }
 return user
 }
diff --git a/services/ocm/pkg/revaconfig/config.go b/services/ocm/pkg/revaconfig/config.go
index 601cfc3bb81..9a33ce13c5f 100644
--- a/services/ocm/pkg/revaconfig/config.go
+++ b/services/ocm/pkg/revaconfig/config.go
@@ -2,6 +2,7 @@ package revaconfig
 import (
 "math"
+ "net/url"
 "github.com/owncloud/ocis/v2/ocis-pkg/log"
 "github.com/owncloud/ocis/v2/services/ocm/pkg/config"
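Review bot: With the federated branch removed, CreateUserModelFromCS3 no longer records the remote IdP anywhere in the returned libregraph.User, so a caller can no longer tell a USER_TYPE_FEDERATED sharee apart from a local account by looking at identities[0].issuer; if anything in graph or a client relied on that signal it now silently sees the same shape for both. The hunk leaves no trace of why the decoding went away, and the changelog's reason (it broke sharing between instances behind one shared external IdP) is exactly the kind of thing someone will re-add the code without knowing. I would keep a comment where the removed block stood, e.g. `// NOTE: do not decode the remote id into Identities[0] for federated users; it breaks sharing between instances that use the same external IdP (reva#4933)`. The function header and the Identities initialisation are outside the hunk, so I cannot confirm what identities[0] now carries for federated users.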
@@ -9,6 +10,19 @@ import (
 // OCMConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
 func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]interface{} {
+
+ // Construct the ocm provider domain from the oCIS URL
+ providerDomain := ""
+ u, err := url.Parse(cfg.Commons.OcisURL)
+ switch {
+ case err != nil:
+ logger.Error().Err(err).Msg("could not parse oCIS URL")
+ case u.Host == "":
+ logger.Error().Msg("oCIS URL has no host")
+ default:
+ providerDomain = u.Host
+ }
+
 return map[string]interface{}{
 "shared": map[string]interface{}{
 "jwt_secret": cfg.TokenManager.JWTSecret,
@@ -59,7 +73,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 "smtp_credentials": map[string]string{},
 "gatewaysvc": cfg.Reva.Address,
 "mesh_directory_url": cfg.ScienceMesh.MeshDirectoryURL,
- "provider_domain": cfg.Commons.OcisURL,
+ "provider_domain": providerDomain,
 "events": map[string]interface{}{
 "natsaddress": cfg.Events.Endpoint,
 "natsclusterid": cfg.Events.Cluster,
@@ -121,7 +135,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 "file": cfg.OCMInviteManager.Drivers.JSON.File,
 },
 },
- "provider_domain": cfg.Commons.OcisURL,
+ "provider_domain": providerDomain,
 "token_expiration": cfg.OCMInviteManager.TokenExpiration.String(),
 "ocm_timeout": int(math.Round(cfg.OCMInviteManager.Timeout.Seconds())),
 "ocm_insecure": cfg.OCMInviteManager.Insecure,
@@ -142,7 +156,7 @@ func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]inter
 },
 },
 "gatewaysvc": cfg.Reva.Address,
- "provider_domain": cfg.Commons.OcisURL,
+ "provider_domain": providerDomain,
 "webdav_endpoint": cfg.Commons.OcisURL,
 "webapp_template": cfg.OCMShareProvider.WebappTemplate,
 "client_insecure": cfg.OCMShareProvider.Insecure,
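Review bot: An unparsable or host-less oCIS URL is only logged in the new switch and providerDomain stays "", which the three provider_domain entries below then hand to the reva OCM drivers unchanged; the service starts and the missing domain only surfaces later when invites or shares are exchanged with peers, and the log line does not even say which value was rejected. I would at least record the offending value and the consequence, `logger.Error().Err(err).Str("url", cfg.Commons.OcisURL).Msg("could not parse oCIS URL, OCM provider_domain will be empty")` (and the same `.Str("url", …)` on the no-host case), and consider rejecting the URL in whatever config validation runs before this function instead of starting with an empty domain, since the domain presumably identifies this instance to remote providers. Note also that u.Host keeps any `:port` and is not lower-cased; if peers or the mesh directory compare it as a bare hostname this may not match, so a comment on the default branch stating that the port is intentionally kept (if it is) would save the next reader a guess.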