Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is environment variable SAML_ENABLED working? #62

Open
adeliae1316 opened this issue Jul 2, 2022 · 4 comments
Open

Is environment variable SAML_ENABLED working? #62

adeliae1316 opened this issue Jul 2, 2022 · 4 comments

Comments

@adeliae1316
Copy link

adeliae1316 commented Jul 2, 2022
edited
Loading

I would like to have saml configured when starting growi with docker-compose.

see Environment Variables, SAML_ENABLE SAML_ENABLED appears to be supported.

However, even with SAML_ENABLE=true SAML_ENABLED=true, the External auth button does not appear in the sign-in window.

Do I need to set it up in the GUI?

Thank you.
@yuki-takei
Copy link
Member

@adeliae1316 If you set SAML_ENABLED instead of SAML_ENABLE, it should work fine. Please confirm your configuration🙂

@adeliae1316
Copy link
Author

@yuki-takei

Thank you for your reply.
I'm sorry. SAML_ENABLE in issue sentence is typo.
In my docker-compose.yaml, use SAML_ENABLED.
But just enabling SAML_ENABLED does not seem to enable SAML.

I'm not good at js/ts, but I did some debugging.
I noticed that SAML_ENABLED was registered in the DB from the time the container was started.
It seems that the ENV value is ignored due to that effect.

{
"log": "{\"name\":\"growi:service:ConfigManager\",\"hostname\":\"611ed97aac78\",\"pid\":14,\"level\":20,\"msg\":\"crowi.security:passport-saml:isEnabled exists both in db and in env vars. loaded from db\",\"time\":\"2022-07-11T09:57:27.603Z\",\"v\":0}\n",
"stream": "stdout",
"time": "2022-07-11T09:57:27.604080925Z"
}
{
"log": "{\"name\":\"growi:service:ConfigManager\",\"hostname\":\"611ed97aac78\",\"pid\":14,\"level\":20,\"msg\":\"security:passport-saml:isEnabled false\",\"time\":\"2022-07-11T09:57:27.603Z\",\"v\":0}\n",
"stream": "stdout",
"time": "2022-07-11T09:57:27.604093893Z"
}

Finally, I was able to enable SAML_ENABLED by enabling SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS.

Is this procedure only for my environment?

@adeliae1316 adeliae1316 changed the title Is environment variable SAML_ENABLE working? Is environment variable SAML_ENABLED working? Jul 11, 2022
@yuki-takei
Copy link
Member

Is this procedure only for my environment?

No, this is designed behavior.

The reason why SAML_ENABLED and SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS are prepared is for the managers who want to make SAML_ENABLED unchangable from /admin screen.

@adeliae1316
Copy link
Author

adeliae1316 commented Jul 23, 2022
edited
Loading

Thank you your reply.

お互い日本語話者と思いますので、日本語で認識合わせさせてください。
SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS オプションの役割は理解しました。

SAML_ENABLED だけを設定してもSAMLが有効化されないことから、
環境変数で設定可能な項目において、valueがbooleanのものは、環境変数よりも実装上の規定値が優先されてしまっているのでは、という疑問でした。

上記がyesであり、意図通りなのであれば、セットアップ時にSAML_ENABLED だけを設定しても無視されるので、SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS も併せて設定すべきであると、どこかに書いていただくのが良いかと思います。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yuki-takei @adeliae1316