
CodiMD

216 Members
We run, support and develop the community project CodiMD | Latest version: https://demo.codimd.org/ | Repository: https://github.com/codimd/server | Follow us at: https://social.codimd.org/mastodon
49 Servers



Timestamp Message
24 Jan 2020
14:53:32 @foobarable:matrix.org foobarable * our id is not really mail, you can omit it as well to use the NameID from the SAML assertion
14:54:13 @gbiscuolo:matrix.org Giovanni Biscuolo * mumble: do I have to switch on SAML auth before?
14:58:09 @gbiscuolo:matrix.org Giovanni Biscuolo OK, I'm going to try, thanks a lot! The fact is that the config.json of my docker image is created at build time via docker-compose (AFAIU), so in my current instance, lacking explicit config env, the resulting config.json completely lacks a "saml" section
14:59:15 @gbiscuolo:matrix.org Giovanni Biscuolo all this just to say that IMHO point 1 and 2 on https://github.com/hackmdio/codimd/blob/master/docs/guides/auth/saml.md should be swapped
14:59:21 @foobarable:matrix.org foobarable that would explain it
15:02:00 @sheogorath:shivering-isles.com Sheogorath Giovanni Biscuolo: Before we go too much into it, please make sure you use our repository, not the HackMD team's
15:02:11 @gbiscuolo:matrix.org Giovanni Biscuolo last but not least: https://github.com/hackmdio/codimd/blob/master/docs/guides/auth/saml.md cites HMD_SAML_ISSUER and HMD_SAML_IDENTIFIERFORMAT but https://github.com/codimd/server/blob/master/docs/configuration-env-vars.md doc calls them differently (s/HMD/CMD)
15:02:40 @sheogorath:shivering-isles.com Sheogorath check that you got the sources from https://github.com/codimd/server/ and not from https://github.com/hackmdio/codimd/ (which is the docs you link)
15:03:13 @gbiscuolo:matrix.org Giovanni Biscuolo I'm almost sure I'm using yours, but I'll double check: thanks!
15:04:07 @sheogorath:shivering-isles.com Sheogorath Giovanni Biscuolo: Nice :) Just want to make sure we can actually help you as we have no control over HackMD's version and they did lots of changes
15:08:38 @sheogorath:shivering-isles.com Sheogorath if you want to use a config.json, by the way, you can still mount it into the container. We don't do this by default, because we try to stay with the 12-Factor App standards and therefore use environment variables from configs
15:09:27 @sheogorath:shivering-isles.com Sheogorath But I definitely agree that the guide lacks some important parts D:
15:13:34 @gbiscuolo:matrix.org Giovanni Biscuolo I'd also like to use env to config my instance, if I'll manage to fix my config I'd like to propose a patch to that guide :-)
15:36:05 @sheogorath:shivering-isles.com Sheogorath Awesome, let me know how that goes. I can give you some additional pointers:
https://www.npmjs.com/package/passport-saml <-- the library we use for saml
https://github.com/codimd/server/blob/master/lib/web/auth/saml/index.js <-- the implementation on our side
https://github.com/codimd/server/blob/c9e66c0385afe55fcc140cc815d876982358f48e/lib/config/environment.js#L118-L131 <-- the mapping of environment variables to config variables
15:36:25 @sheogorath:shivering-isles.com Sheogorath Giovanni Biscuolo: ^ Hope that can help debugging
16:00:18 @gbiscuolo:matrix.org Giovanni Biscuolo Sheogorath: thanks a lot for the pointers, very useful!
16:03:15 @gbiscuolo:matrix.org Giovanni Biscuolo

anyway, I added these two env variables:

CMD_SAML_ISSUER=https://pad.mydomain.com/saml
CMD_SAML_GROUPATTRIBUTE=memberOf

and verified that they are defined in the docker env... but still getting 404 (when logged in as registered user) or required auth when not logged in

16:07:53 @gbiscuolo:matrix.org Giovanni Biscuolo I'm going to write a help post on the forum, if someone has a working docker instance using SAML via env variables please just say "it works for me" :-)
17:19:30 @sheogorath:shivering-isles.com Sheogorath Let me check, I think my private instance either runs SAML or OIDC
17:19:51 @sheogorath:shivering-isles.com Sheogorath mhm OIDC
17:26:11 @sheogorath:shivering-isles.com Sheogorath Giovanni Biscuolo: Do you have the idpCert mapped into the container? this should be needed in order to make things work
17:31:20 @gbiscuolo:matrix.org Giovanni Biscuolo Sheogorath: no, I have not configured (and loaded cert) into the container, but do I need it "just" to access the auth/saml/metadata URL and get the SP (CodiMD) XML metadata?
17:34:54 @_neb_rssbot_=40sheogorath=3ashivering-isles.com:matrix.org RSS Bot [@sheogorath:shivering-isles.com] CodiMD Community - Latest topics:
Problem configuring SAML auth
17:35:26 @sheogorath:shivering-isles.com Sheogorath Giovanni Biscuolo: Not completely sure, looking at the code for a second suggests it: https://github.com/codimd/server/blob/c9e66c0385afe55fcc140cc815d876982358f48e/lib/web/auth/saml/index.js#L15-L22
17:39:45 @gbiscuolo:matrix.org Giovanni Biscuolo

Sheogorath: that is for auth/saml/callback, the auth/saml/metadata code is:

samlAuth.get('/auth/saml/metadata', function (req, res) {
  res.type('application/xml')
  res.send(passport._strategy('saml').generateServiceProviderMetadata())
})
17:40:39 @gbiscuolo:matrix.org Giovanni Biscuolo please how can I set debugging log level with env variables?
17:41:41 @gbiscuolo:matrix.org Giovanni Biscuolo
In reply to @gbiscuolo:matrix.org
please how can I set debugging log level with env variables?
ah, nevermind: found CMD_LOGLEVEL
