I’m trying to setup owncloud with single sign on using Authentik. I have it working for normal users. There is a feature that allows automatic role assignment to users so that admin users from authentik become admin users for owncloud.
This is described here: https://doc.owncloud.com/ocis/next/deployment/services/s-list/proxy.html#automatic-role-assignments.
In this document, they describe having attributes like
- role_name: admin
claim_value: ocisAdmin
The problem I have is I don’t know how to input this information into an Authentik user. As a result, owncloud is giving me this error:
ERR Error mapping role names to role ids error="no roles in user claims" line=github.com/owncloud/ocis/v2/services/proxy/pkg/userroles/oidcroles.go:84 request-id=5a6d0e69-ad1b-4479-b2d9-30d4b4afb8f2 service=proxy userid=05b283cd-606c-424f-ae67-5d0016f2152c
Any authentik experts out there?
I tried putting this under the attributes section of the user profile in authentik:
role_name: admin
claim_value: ocisAdmin
It doesn’t work and it won’t let me format YAML like the documentation where the claim_value is a child of the role_name.
not an authentik user, but after skimming their docs i think you have to:
it might be that you also have to define somekind of mapper to include this in the informations owncloud receives from authentik, but as i said i only skimmed the docs and would personally just try it without the mapper.
tried this and also tried making a role in authentik assigned to the group called ocisAdmin and added the admin user to it, it still gives the same error. Seems like I need to define a proxy.yaml file in owncloud with the roles, I did this and it still doesn’t work.
does authentik offer an option to preview a jwt for a given user? might be as simple as that the claim is not named “ocisAdmin” or is not a toplevel entry in the jwt.