@@ -36,11 +36,11 @@ The need for this smoke testing (manual) is that we do not have e2e test setup t
3636
3737### A1. Oauth configuration
3838- [ ] Keep two browser tabs open: one for ` OpenProject ` and one for ` Nextcloud ` .
39- - [ ] In ` OpenProject ` , navigate to ` Administration > Files ` and add a new ` Nextcloud ` storage:
40- - Add name to ` Nextcloud ` and host to ` <openproject_host > ` .
39+ - [ ] In ` OpenProject ` , as an ` admin ` navigate to ` Administration > Files ` and add a new ` Nextcloud ` storage:
40+ - Add name to ` Nextcloud ` and host to ` <nextcloud_host > ` .
4141 - Select ` Two-way OAuth 2.0 authorization code flow ` as the authentication method.
4242 - Click ` Save and Continue ` — note the generated ` OpenProject OAuth Client ID ` and ` Client Secret ` .
43- - [ ] In ` Nextcloud ` , navigate to ` Administration Settings > OpenProject ` :
43+ - [ ] In ` Nextcloud ` , as an ` admin ` navigate to ` Administration Settings > OpenProject ` :
4444 - Set ` OpenProject server ` to ` <openproject_host> ` .
4545 - Select ` Two-way OAuth 2.0 authorization code flow ` as the authentication method.
4646 - Enter the ` OpenProject OAuth Client ID ` and ` Client Secret ` copied from the previous step.
@@ -73,6 +73,7 @@ The need for this smoke testing (manual) is that we do not have e2e test setup t
7373- [ ] Navigate to ` Files ` tab, and login to ` Nextcloud ` .
7474- [ ] ` OpenProject ` admin is connected to ` Nextcloud ` as a ` Nextcloud ` admin.
7575- [ ] Add the created ` OpenProject ` user as the member of ` Demo Project ` project (admin can add members to a project).
76+ - [ ] Login as created user in both openproject and nextcloud
7677- [ ] Try to connect the created ` OpenProject ` user as created ` Nextcloud ` user.
7778- [ ] ` OpenProject ` user should be connected as a ` Nextcloud ` user.
7879
@@ -107,17 +108,19 @@ bash integration_setup.sh
107108### B.1: Nextcloud Hub as IDP
108109
109110#### B.1.1. Configure Nextcloud
110- - [ ] In Nextcloud, install and enable ` OIDC Identity Provider ` (` oidc ` ) and ` OpenID Connect user backend ` (` user_oidc ` ) apps.
111+ - [ ] In Nextcloud, login as admin.
112+ - [ ] Install and enable ` OIDC Identity Provider ` (` oidc ` ) and ` OpenID Connect user backend ` (` user_oidc ` ) apps.
111113- [ ] Create a new user( with username, display name, password, and email)
112- - [ ] Run following command:
113- - ` php occ config:system:set user_oidc --type boolean --value="true" oidc_provider_bearer_validation `
114- - Note: This enables bearer token validation for ` user_oidc ` . Without it, login or connection may fail. This may also be missing during local setups.
114+ - [ ] Check whether ` oidc_provider_bearer_validation ` exists and is set to ` true ` by running ` php occ config:list ` .
115+ > ** Note:** This requires the OIDC Identity Provider app >= v1.4.0 . Access tokens and JWT tokens can be validated.
116+ - [ ] If the setting does not exist or is set to ` false ` , run:
117+ - ` php occ config:system:set user_oidc --type boolean --value="true" oidc_provider_bearer_validation `
115118- [ ] Go to ` Administration > OpenID Connect ` and enable ` store login tokens ` option.
116119- [ ] Go to ` Administation > OpenID Connect Provider `
117120 - Click the button ` + Add client ` :
118121 - Add a client name (not an identifier) such as ` openproject `
119- - Add a redirect URL ( <openproject_host>/auth/oidc-<idp-displayname-from-openproject >/callback)
120- - Choose Signing Algorithm option as ` RS246 ` .
122+ - Add a redirect URL : ` <openproject_host>/auth/oidc-<idp_displayname_from_openproject >/callback `
123+ - Choose Signing Algorithm option as ` RS256 ` .
121124 - Choose Client Type as ` Confidential ` and click on ` Add ` button.
122125 - After clicking ` add ` button, click on recently created client.
123126 - Choose ` Access Token Type ` as ` JWT Access Token (RFC9068) ` and click on ` save ` button.
@@ -127,7 +130,8 @@ bash integration_setup.sh
127130 - Copy the Client ID and Client secret (you will need these later in OpenProject and integration_openproject).
128131
129132#### B.1.2. Add Nextcloud IDP in OpenProject (Without project folder setup)
130- - [ ] In OpenProject, go to ` Administration > Authentication > OpenID providers `
133+ - [ ] In OpenProject, login as admin.
134+ - [ ] Go to ` Administration > Authentication > OpenID providers `
131135- [ ] Add a new custom OpenID provider:
132136 - Display name: ` nextcloud ` (use this name as redirect URL in Nextcloud: <idp-displayname-from-openproject >)
133137 - Discovery URL: ` <nextcloud_instance_url>/index.php/.well-known/openid-configuration `
@@ -146,7 +150,8 @@ bash integration_setup.sh
146150#### B.1.3. Setup integration (Without project folder setup)
147151- [ ] Complete step [ Test No B.1.1] ( #B11-Configure-Nextcloud ) .
148152- [ ] Complete step [ Test No B.1.2] ( #B12-Add-Nextcloud-Idp-in-OpenProject ) .
149- - [ ] In nextcloud, go to ` Administration > OpenProject ` .
153+ - [ ] In nextcloud, as admin go to ` Administration > OpenProject ` .
154+ - [ ] Add openproject host.
150155- [ ] Under ` Authentication Method ` , select ` Single-Sign-On through OpenID Connect Identity Provider ` .
151156- [ ] In ` Authentication settings ` , select ` provider Type ` as ` Nextcloud Hub ` .
152157- [ ] Set Openproject ` client ID ` by Client ID copied earlier in ** Test No B1** .
@@ -195,16 +200,26 @@ bash integration_setup.sh
195200- [ ] Logout
196201
197202#### B.2.3. Add Keycloak IDP in OpenProject
198- - [ ] As an user ` admin ` , go to ` Administration > Authentication > OpenID providers `
203+ - [ ] In openproject as an user ` admin ` , go to ` Administration > Authentication > OpenID providers `
199204- [ ] Add a new custom OpenID provider:
200205 - Display name: ` keycloak `
201206 - Discovery URL: ` <keycloak_instance_url>/realms/<realm-name>/.well-known/openid-configuration `
202- - Client ID: Client ID of openproject from keycloak
207+ - Client ID: Client ID of openproject provided by keycloak in the < realm-name > realm.
203208 - Client secret: Client secret of openproject from keycloak
209+ - [ ] go to Administration > Files
210+ - [ ] Create a file storage type Nextcloud by clicking the button ` + Storage ` and choosing Nextcloud
211+ - [ ] Add name as Nextcloud.
212+ - [ ] Add Host as ` <nextcloud-host> `
213+ - [ ] Choose authentication Method option as Single-Sign-On through OpenID Connect Identity Provider.
214+ - [ ] Then, select the option ` Use access token obtained during user log in ` .
215+ - [ ] Uncheck project folder (automatically managed folder).
216+ - [ ] Click on button ` Finish setup ` .
204217- [ ] Navigate to ` Project settings > Files ` of a project (for example, ` Demo Project ` ) and add ` Nextcloud ` as a file storage.
205- - [ ] Login as keycloak-created user in ` Openproject ` .
206- - [ ] Log out, then Login as admin in ` Openproject ` .
207- - [ ] As an ` OpenProject ` admin, add keycloak-created user as a member in one of the project.
218+ - [ ] In Keycloak, go to the user management section. For example, if your realm name is ` opnc ` , navigate to: ` opnc > Users `
219+ - [ ] Then create a user.
220+ - [ ] In ` Openproject ` , login as keycloak-created user .
221+ - [ ] In ` Openproject ` , log out, then Login as admin .
222+ - [ ] As an ` OpenProject ` admin, add keycloak-created user as a member in one of the project (for example, ` Demo Project ` ).
208223
209224#### B.2.4. Setup integration (token exchange disabled) in Nexcloud
210225- [ ] As an ` admin ` user, go to ` Administration > OpenProject ` .
@@ -229,7 +244,7 @@ bash integration_setup.sh
229244- [ ] Under ` Authentication Method ` , select ` Single-Sign-On through OpenID Connect Identity Provider `
230245- [ ] In ` Authentication settings ` , select ` provider Type ` as ` Keycloak `
231246- [ ] Enable ` token exchange `
232- - [ ] Set ` OpenProject client ID * ` as ` Openproject `
247+ - [ ] Set ` OpenProject client ID * ` as ` openproject `
233248
234249#### B.2.8. Verify Connection in nextcloud
235250- [ ] Complete step [ Test No B.2.1] ( #b21-Configure-Keycloak ) .
0 commit comments