Skip to content

SAML groups not fully compatible with Group-folders app #833

New issue
New issue
Open
Open
SAML groups not fully compatible with Group-folders app#833
@jo-krk

Description

@jo-krk
jo-krk
opened on Apr 17, 2024

Hi,

I'm not sure if it's a problem of Nextlcloud Server or user_saml app or groupfolders app, but perhaps you could help me to identify that at least. Thanks!

Steps to reproduce

  1. Add user Bob to group group-A in your IDP (In my case: Keycloak)
  2. Login with user Bob to Nextcloud
  3. group-A is now visible for Admins in my-nextcloud.com/index.php/settings/users
  4. Configure 'Group folder' for group-A in my-nextcloud.com/index.php/settings/admin/groupfolders , let's call it group-A-folder
  5. Create new user Alice add them to group group-A in IDP , but do not login with this user yet.
  6. Remove user Bob from group group-A
  7. Logout & login again with user Bob
  8. Group group-A is no longer visible for Admins in my-nextcloud.com/index.php/settings/users , because last active user doesn't belong to it anymore (?)
  9. Check 'Group folders' config (my-nextcloud.com/index.php/settings/admin/groupfolders) group-A-folder is still there, but as group-A is missing - it's assigned to "None" of the groups
  10. Login with user Alice and confirm that user can't see group-A-folder

Expected behaviour

Groups should be preserved even if last active member has left the group.

Actual behaviour

Groups are dropped as soon as last active member doesn't belong to the group anymore, that breaks compatibility with groupfolders app, even though 'External storage' (my-nextcloud.com/index.php/settings/admin/externalstorages) is preserving those groups

Server configuration

Operating system:
Ubuntu 22.04.2 LTS

Web server:
Apache

Database:
Mariadb

PHP version:
8.1

Nextcloud version:
28.0.4

List of activated apps:

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - circles: 28.0.0
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contactsinteraction: 1.9.0
  - dashboard: 7.8.0
  - dav: 1.29.1
  - external: 5.3.1
  - federatedfilesharing: 1.18.0
  - federation: 1.18.0
  - files: 2.0.0
  - files_external: 1.20.0
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - firstrunwizard: 2.17.0
  - forms: 4.1.1
  - groupfolders: 16.0.6
  - impersonate: 1.15.0
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - nextcloud_announcements: 1.17.0
  - notifications: 2.16.0
  - oauth2: 1.16.3
  - password_policy: 1.18.0
  - photos: 2.4.0
  - polls: 7.0.3
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - qownnotesapi: 24.4.0
  - related_resources: 1.3.0
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - support: 1.11.1
  - survey_client: 1.16.0
  - systemtags: 1.18.0
  - text: 3.9.1
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - updatenotification: 1.18.0
  - user_saml: 6.1.3
  - user_status: 1.8.1
  - viewer: 2.2.0
  - weather_status: 1.8.0
  - workflowengine: 2.10.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions