Nextcloud AAI : OIDC : Unity

[darnold-zalf]

Unity is the OIDC AAI tool that we are evaluating, from the Helmholtz AAI.

Carmen Scheuner has an open ticket at https://support.hifis.net/#ticket/zoom/7628 (Helmholtz support - Unity providers).

To investigate the above we need to disable PKCE in config.php: ( From https://github.com/nextcloud/user_oidc?tab=readme-ov-file#pkce )

'user_oidc' => [
    'use_pkce' => false,
],

[darnold-zalf]

I've manually enabled the setting in production nextcloud config.php: To do it properly we would merge the associated PR once Carmen/Stephan confirm that Unity login is working.

'user_oidc' => [ 'use_pkce' => false, ],

[darnold-zalf]

From https://support.hifis.net/#ticket/zoom/7628 another consortia using Helmholtz AAI + OIDC for NC needed to do this:

The are using this plugin 1 and applied this patch 2 to one of the libs.

Best regards,
Sander Apweiler

[cscheuner]

As far as I know, the current state is that we cannot use OIDC.
Since the connection with SAML worked for didmos, it might be an option to also switch to SAML for Unity.

[darnold-zalf]

We have a working PoC (proof of concept) using didmos SAML.
Going with unity OIDC involves a significant amount of work and needs to be prioritised accordingly.
Placing ticket into backlog until further notice.