Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Send user to OpenID login page by default #1646

Open
cheegui opened this issue Jun 3, 2024 · 1 comment
Open

Send user to OpenID login page by default #1646

cheegui opened this issue Jun 3, 2024 · 1 comment
Labels
suggestion Feature suggestion

Comments

@cheegui
Copy link

cheegui commented Jun 3, 2024

Is your feature request related to a problem? Please describe.

Currently, when SFTPGo is integrated with a Openid IDP, there is a "Login with OpenID" link in SFTPGo login page. Is it possible to send user to OpenID login page by default so that the user goes straight to the OpenID login page by default when he goes to the SFTPGo site.

Describe the solution you'd like

OwnCloud OCIS is able send the user directly to the IDP login page, e.g., Keycloak, when the user goes to the OCIS site. For example, user goes to ocis.example.com and he will be automatically redirected to keycloak.example.com where he will login and then be redirected back to ocis.example.com after successful authentication. That is, the user never gets to see the OCIS login page at all.

Describe alternatives you've considered

N/A

What are you using SFTPGo for?

Private user, home usecase (home backup/VPS)

Additional context

Thank you very much

@cheegui cheegui added the suggestion Feature suggestion label Jun 3, 2024
@Mathieu-COSYNS
Copy link

Hi,

I was also interested in this feature and wondered if the implementation could be as straightforward as redirecting the login page to the OCID login page when only the OCID login method is enabled.

Here is the code snippet illustrating the change I had in mind:

diff --git a/internal/httpd/server.go b/internal/httpd/server.go
index 22de7e63..fcf77874 100644
--- a/internal/httpd/server.go
+++ b/internal/httpd/server.go
@@ -227,6 +227,9 @@ func (s *httpdServer) handleClientWebLogin(w http.ResponseWriter, r *http.Reques
                http.Redirect(w, r, webAdminSetupPath, http.StatusFound)
                return
        }
+       if s.binding.OIDC.isEnabled() && !s.binding.isWebClientOIDCLoginDisabled() && s.binding.isWebClientLoginFormDisabled() {
+               http.Redirect(w, r, webClientOIDCLoginPath, http.StatusFound)
+       }
        msg := getFlashMessage(w, r)
        s.renderClientLoginPage(w, r, msg.getI18nError())
 }
@@ -615,6 +618,9 @@ func (s *httpdServer) handleWebAdminLogin(w http.ResponseWriter, r *http.Request
                http.Redirect(w, r, webAdminSetupPath, http.StatusFound)
                return
        }
+       if s.binding.OIDC.hasRoles() && !s.binding.isWebAdminOIDCLoginDisabled() && s.binding.isWebAdminLoginFormDisabled() {
+               http.Redirect(w, r, webAdminOIDCLoginPath, http.StatusFound)
+       }
        msg := getFlashMessage(w, r)
        s.renderAdminLoginPage(w, r, msg.getI18nError())
 }

This change checks if the OCID login is enabled and the web client/admin login forms are disabled. If these conditions are met, it redirects the user to the appropriate OCID login page directly instead of rendering the login page.

Please let me know if you have any questions or suggestions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
suggestion Feature suggestion
Projects
None yet
Development

No branches or pull requests

2 participants