ownCloud with Azure AD Integration?
-
@scottalanmiller said:
@coliver said:
This is assuming that ownCloud supports SAML.
Not since ownCloud 4.5
https://apps.owncloud.com/content/show.php/user_saml++?content=154410
Ah... there goes that idea. Can ownCloud use local system authentication? Then you may be able to set it up that way.
-
@coliver said:
Ah... there goes that idea. Can ownCloud use local system authentication? Then you may be able to set it up that way.
That's what is uses by default. I've never seen any application other than SW that lacks local authentication as an option.
-
@scottalanmiller said:
@coliver said:
Ah... there goes that idea. Can ownCloud use local system authentication? Then you may be able to set it up that way.
That's what is uses by default. I've never seen any application other than SW that lacks local authentication as an option.
Really? I thought it had a database table for users.
-
@coliver said:
Really? I thought it had a database table for users.
If it does, it's new. Which would be really odd as they've been moving even farther from that rather than towards. It traditionally was AD only and turned off authentication if you didn't have AD. Now it uses the website for authentication.
-
@scottalanmiller I'm not following. I've had it running for at least 3 major releases and have never had it attached to AD nor have I created users on the local system. I have always needed a username and password to get into the application.
-
@coliver said:
@scottalanmiller I'm not following. I've had it running for at least 3 major releases and have never had it attached to AD nor have I created users on the local system. I have always needed a username and password to get into the application.
Those logins are tied to the SW community. They are not purely local. that was removed 1-2 years ago.
-
@coliver said:
@scottalanmiller I'm not following. I've had it running for at least 3 major releases and have never had it attached to AD nor have I created users on the local system. I have always needed a username and password to get into the application.
So if you did not create the users... where did you think that they were coming from
-
@scottalanmiller said:
@coliver said:
@scottalanmiller I'm not following. I've had it running for at least 3 major releases and have never had it attached to AD nor have I created users on the local system. I have always needed a username and password to get into the application.
So if you did not create the users... where did you think that they were coming from
Are we talking about the same application? For ownCloud, in the past I had to remote into the database to change the admin password that I had forgotten. Hence why I said that the username and password were stored in the ownCloud database.
When I said local authentication I meant Linux users being authenticated to use the ownCloud application. Then you could use SAML on the local Linux system to authenticate against Azure AD. Probably too convoluted and sensitive to be used in production though.
-
@coliver said:
@scottalanmiller said:
@coliver said:
@scottalanmiller I'm not following. I've had it running for at least 3 major releases and have never had it attached to AD nor have I created users on the local system. I have always needed a username and password to get into the application.
So if you did not create the users... where did you think that they were coming from
Are we talking about the same application? For ownCloud, in the past I had to remote into the database to change the admin password that I had forgotten. Hence why I said that the username and password were stored in the ownCloud database.
We started talking about how SW was the sole application that lacked local users.
-
@scottalanmiller said:
@coliver said:
@scottalanmiller said:
@coliver said:
@scottalanmiller I'm not following. I've had it running for at least 3 major releases and have never had it attached to AD nor have I created users on the local system. I have always needed a username and password to get into the application.
So if you did not create the users... where did you think that they were coming from
Are we talking about the same application? For ownCloud, in the past I had to remote into the database to change the admin password that I had forgotten. Hence why I said that the username and password were stored in the ownCloud database.
We started talking about how SW was the sole application that lacked local users.
Odd. I was never talking about SW. Sorry I must have missed something.
-
@coliver said:
When I said local authentication I meant Linux users being authenticated to use the ownCloud application. Then you could use SAML on the local Linux system to authenticate against Azure AD. Probably too convoluted and sensitive to be used in production though.
I'm not aware of ownCloud using, nor would you want to, the local UNIX user store.
-
@scottalanmiller said:
@coliver said:
When I said local authentication I meant Linux users being authenticated to use the ownCloud application. Then you could use SAML on the local Linux system to authenticate against Azure AD. Probably too convoluted and sensitive to be used in production though.
I'm not aware of ownCloud using, nor would you want to, the local UNIX user store.
Ok... good. I wasn't advocating that just wondering if it was possible. That would be a workaround for SAML not being supported.
-
@coliver said:
@scottalanmiller said:
@coliver said:
@scottalanmiller said:
@coliver said:
@scottalanmiller I'm not following. I've had it running for at least 3 major releases and have never had it attached to AD nor have I created users on the local system. I have always needed a username and password to get into the application.
So if you did not create the users... where did you think that they were coming from
Are we talking about the same application? For ownCloud, in the past I had to remote into the database to change the admin password that I had forgotten. Hence why I said that the username and password were stored in the ownCloud database.
We started talking about how SW was the sole application that lacked local users.
Odd. I was never talking about SW. Sorry I must have missed something.
Ah, I was responding to you asking about local authentication saying that of course it does that. But you responding saying that it used a database. A local database is called local authentication in apps. Using the UNIX system is not considered local but system. That's where we disconnected. Your response only made sense to me in the context of responding to the SW comment.
-
@coliver said:
Ok... good. I wasn't advocating that just wondering if it was possible. That would be a workaround for SAML not being supported.
How would that help? How would authenticating against the /etc/passwd file get me access to Azure AD?
-
@scottalanmiller said:
@coliver said:
Ok... good. I wasn't advocating that just wondering if it was possible. That would be a workaround for SAML not being supported.
How would that help? How would authenticating against the /etc/passwd file get me access to Azure AD?
Now that I think about it, probably wouldn't. I was thinking if you could change the authentication authority to be a federated source then you could use that as a backend for ownCloud. But that wouldn't work for system authentication.
-
@coliver said:
Now that I think about it, probably wouldn't. I was thinking if you could change the authentication authority to be a federated source then you could use that as a backend for ownCloud. But that wouldn't work for system authentication.
Right, because OC would see a "blank" local user list, not the SAML federation.
-
@scottalanmiller said:
@coliver said:
Now that I think about it, probably wouldn't. I was thinking if you could change the authentication authority to be a federated source then you could use that as a backend for ownCloud. But that wouldn't work for system authentication.
Right, because OC would see a "blank" local user list, not the SAML federation.
Yep, that's the conclusion I made. Sorry to derail the thread. Just had to think my way through it a bit more.
-
SAML is supported in the Enterprise Edition - so that part would work. Besides that, I don't know if there is specifically Azure AD Integration...
-
@jospoortvliet said:
SAML is supported in the Enterprise Edition - so that part would work. Besides that, I don't know if there is specifically Azure AD Integration...
That's sad that the big enterprise AD integration is included in the free version but the SMB Azure AD federation is limited to the enterprise versions
-
@scottalanmiller said:
Has anyone looked into authentication ownCloud using Azure AD? Is this something that ownCloud themselves is looking into? That would be an awesome addition to ownCloud, IMHO. Especially in the SMB space. As companies start to move to lots of Office 365 and Windows 10 and now that Linux Mint will authenticate to Azure AD, it would be awesome to have ownCloud able to authenticate there rather than only to LDAP or traditional on premises AD.
I was thinking this very thing when someone posted about federated authentication with ownCloud yesterday!
