Implementation based on: https://github.com/ory/hydra-login-consent-node
Utilizing: https://github.com/ghengeveld/atlassian-crowd-client
-
Generate a local copy of
.env-example, called just.env -
Generate local certificate with
mkcert, and move them to theresources/certs/folder:mkcert crowdprovider.ruhmesmeile.machine crowd.ruhmesmeile.machine hydra.ruhmesmeile.machine hydraadmin.ruhmesmeile.machine nextcloud.ruhmesmeile.machine ruhmesmeile.machine localhost 127.0.0.1 ::1 mv crowdprovider.ruhmesmeile.machine+8-key.pem resources/certs/ruhmesmeile.machine.key mv crowdprovider.ruhmesmeile.machine+8.pem resources/certs/ruhmesmeile.machine.crt -
You may replace generated secrets (
SYSTEM_SECRET,COOKIE_SECRETin.env) by running the following command and using its output instead:export LC_CTYPE=C; cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 -
Start everything with
make up -
Hydrate SQL for Hydra with
make hydrate-sql -
Finish Crowd installation by visiting https://crowd.ruhmesmeile.machine/crowd/
-
Add application
nextcloudin Atlassian Crowd: https://crowd.ruhmesmeile.machine/crowd/console/secure/application/addapplicationdetails.action- Screen 1 (
Details):- Application type:
Generic Application - Name:
nextcloud - Description:
Nextcloud instance - Password: generate one (or use default
betatester) and note it down for later
- Application type:
- Screen 2 (
Connection):- URL:
https://cloud.ruhmesmeile.machine - Remote IP address: resolve the host (Button:
Resolve IP Adress)
- URL:
- Screen 3 (
Directories):- Just select the (only) local directory
- Screen 4 (
Authorisation):- Check
Allow all users to authenticate
- Check
- Screen 5 (
Confirmation):- Confirm everything by clicking
Add application
- Confirm everything by clicking
- Screen 1 (
-
Add Atlassian Crowd dev license (Vault:
Infrastruktur Intern, Name:Crowd Dev License) -
Add another remote address / hostname for the application (https://crowd.ruhmesmeile.machine/crowd/console/secure/application/viewremoteaddresses.action?ID=622593):
nextcloud -
Enter
nextcloudand password chosen in the previous step into.env(of leave as is, if you opted to keep the default passwordbetatester) -
Change Nextcloud
config/config.php:docker exec -ti nextcloud bash apt-get update apt-get install vim vi config/config.phpadd the following entries (add the one on
trusted_domains):[..] 'trusted_domains' => array ( 0 => 'localhost', 1 => 'nextcloud.ruhmesmeile.machine', ), 'overwriteprotocol' => 'https', [..]for
overwriteprocotolsee: zorn-v/nextcloud-social-login#71 (comment) -
Finish Nextcloud setup at https://nextcloud.ruhmesmeile.machine/ (Administrator login:
infrastructure / betatester) -
Add
Social Loginapp to Nextcloud (head to: https://nextcloud.ruhmesmeile.machine/settings/apps/social) -
Add
Custom OpenID Connectentry: https://nextcloud.ruhmesmeile.machine/settings/admin/sociallogin- Internal name:
crowd - Title:
Atlassian Crowd - Authorize url:
https://hydra.ruhmesmeile.machine/oauth2/auth - Token url:
https://hydra.ruhmesmeile.machine/oauth2/token - User info URL (optional):
https://hydra.ruhmesmeile.machine/userinfo - Client Id:
test-client - Client Secret:
test-secret - Scope:
openid offline - Save the configuration (Button:
Save)
- Internal name:
-
Test logins (any combination of Nextcloud and Atlassian Crowd first)
- Use real
Client IdandClient Secret, generate 32-character hex strings for both:docker run -it --rm --name my-running-script -v "$PWD/util":/usr/src/myapp -w /usr/src/myapp php:7.2-cli php create-secret-or-id.php
- Research which IP has to be entered in Crowd remote IP address for nextcloud application, document here (candidates: Docker Container IP address, hostname, ...)
- Fix
crowd.token_key(SSO token) generated by Nextcloud / Hydra Crowdprovider login not being usable by Atlassian Crowd (no automatic login). SSO tokens generated by Atlassian Crowd work on Nextcloud, though