weseek/growi-docker-compose

Is environment variable SAML_ENABLED working?

Opened this issue · 4 comments

I would like to have SAML configured when starting GROWI with docker-compose.

See Environment Variables; ~~SAML_ENABLE~~ SAML_ENABLED appears to be supported.

However, even with ~~SAML_ENABLE=true~~ SAML_ENABLED=true, the External auth button does not appear in the sign-in window.

Do I need to set it up in the GUI?

Thank you.

@adeliae1316 If you set SAML_ENABLED instead of SAML_ENABLE, it should work fine. Please confirm your configuration 🙂

@yuki-takei

Thank you for your reply.
I'm sorry. SAML_ENABLE in the issue text is a typo.
In my docker-compose.yaml, I use SAML_ENABLED.
But just enabling SAML_ENABLED does not seem to enable SAML.

I'm not good at js/ts, but I did some debugging.
I noticed that SAML_ENABLED was registered in the DB from the time the container was started.
It seems that the ENV value is ignored due to that effect.

```json
{
"log": "{\"name\":\"growi:service:ConfigManager\",\"hostname\":\"611ed97aac78\",\"pid\":14,\"level\":20,\"msg\":\"crowi.security:passport-saml:isEnabled exists both in db and in env vars. loaded from db\",\"time\":\"2022-07-11T09:57:27.603Z\",\"v\":0}\n",
"stream": "stdout",
"time": "2022-07-11T09:57:27.604080925Z"
}
{
"log": "{\"name\":\"growi:service:ConfigManager\",\"hostname\":\"611ed97aac78\",\"pid\":14,\"level\":20,\"msg\":\"security:passport-saml:isEnabled false\",\"time\":\"2022-07-11T09:57:27.603Z\",\"v\":0}\n",
"stream": "stdout",
"time": "2022-07-11T09:57:27.604093893Z"
}
```

Finally, I was able to enable SAML_ENABLED by enabling SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS.

Is this procedure only for my environment?

> Is this procedure only for my environment?

No, this is designed behavior.

The reason why SAML_ENABLED and SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS are prepared is for managers who want to make SAML_ENABLED unchangeable from the /admin screen.

Thank you for your reply.

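Since I think we are both Japanese speakers, please let me confirm our understanding in Japanese.
I understand the role of the SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS option.

Because SAML is not enabled when only SAML_ENABLED is set,
my question was whether, among the items that can be configured through environment variables, those with a boolean value end up having the implementation's default value take precedence over the environment variable.

If the answer to the above is yes and that is the intended behavior, then SAML_ENABLED alone is ignored at setup time, so I think it would be good to document somewhere that SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS should be set along with it.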
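
One way to spot this condition from container logs, as an added example that is not part of the thread or of GROWI's code: it scans Docker json-file log records for the ConfigManager message quoted above and lists the config keys whose environment value was overridden by the database. The function names and the sample log (built from the two messages in the thread plus a noise line) are constructed for illustration.

```python
import json
import re

# Message wording taken from the ConfigManager log line quoted in the thread.
SHADOWED = re.compile(
    r"^(?P<key>\S+) exists both in db and in env vars\. loaded from (?P<src>\w+)$"
)

def _docker_line(msg, ts):
    """Build one Docker json-file record wrapping an application JSON log line."""
    inner = {"name": "growi:service:ConfigManager", "level": 20, "msg": msg, "v": 0}
    return json.dumps({"log": json.dumps(inner) + "\n", "stream": "stdout", "time": ts})

# Constructed sample input: the two messages from the thread plus one non-JSON line.
SAMPLE_LOG = "\n".join([
    _docker_line("crowi.security:passport-saml:isEnabled exists both in db and "
                 "in env vars. loaded from db", "2022-07-11T09:57:27.604080925Z"),
    _docker_line("security:passport-saml:isEnabled false",
                 "2022-07-11T09:57:27.604093893Z"),
    "plain text line that is not a json-file record",
])

def iter_app_records(docker_log_text):
    """Yield (docker_timestamp, inner_record) for lines whose payload is JSON."""
    for line in docker_log_text.splitlines():
        try:
            outer = json.loads(line)
            inner = json.loads(outer["log"])
        except (ValueError, KeyError, TypeError):
            continue  # banners, stack traces and other non-JSON output
        if isinstance(inner, dict):
            yield outer.get("time"), inner

def find_shadowed_env_settings(docker_log_text):
    """Return config keys set in both places where the DB value was the one loaded."""
    findings = []
    for ts, rec in iter_app_records(docker_log_text):
        if rec.get("name") != "growi:service:ConfigManager":
            continue
        m = SHADOWED.match(str(rec.get("msg", "")))
        if m and m.group("src") == "db":
            findings.append({"key": m.group("key"), "time": ts})
    return findings

if __name__ == "__main__":
    for f in find_shadowed_env_settings(SAMPLE_LOG):
        print(f"{f['time']}  env value ignored for {f['key']} (db value loaded)")
```

A hit for `crowi.security:passport-saml:isEnabled` means the SAML_ENABLED value in the compose file is not the one in effect, which is the situation the thread resolves by also setting SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS.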