oCIS

What is oCIS

ownCloud Infinite Scale (oCIS) is the new file sync & share platform that will be the foundation of your data management platform.

• https://owncloud.dev/ocis/

Preparation

• ocis.company.com is the FQDN of the ocis server.

• pocket-id.company.com is the FQDN of the pocket-id server.

  [!NOTE] This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.

Pocket ID configuration

To support the integration of oCIS with Pocket ID, you need to create a OIDC Client in Pocket ID.

Create the groups used by oCIS in Pocket ID

1. Log in to Pocket ID as an admin
2. Navigate to User Groups and click Add Group (repeat for each group - 4 times)
   1. Friendly Name: ocis admin users group Name: ocisAdmin
   2. Friendly Name: ocis space admin user group Name: ocisSpaceAdmin
   3. Friendly Name: ocis user group Name: ocisUser
   4. Friendly Name: ocis guest group Name: ocisGuest

Bind roles used by oCIS with Pocket ID groups

1. Log in to Pocket ID as an admin
2. Navigate to User Groups
3. Click the 3 dots ... on the side of ocisAdmin, ocisSpaceAdmin, ocisUser and ocisGuest and press edit (do per group)..
   1. Add roles and ocisAdmin to Custom Claims and click Save in ocisAdmin group. Add admin users to this group under Users.
   2. Add roles and ocisSpaceAdmin to Custom Claims and click Save in ocisSpaceAdmin group. Add the space admin users to this group under Users.
   3. Add roles and ocisUser to Custom Claims and click Save in ocisUser group. Add standard users to this group under Users.
   4. Add roles and ocisGuest to Custom Claims and click Save in ocisGuest group. Add guests to this group under Users.

Create an OIDC Client

1. Log in to Pocket ID as an admin
2. Navigate to OIDC Clients and click Add OIDC Client

• Name: ocis
• Callback URLs:

  https://ocis.company.com/
  https://ocis.company.com/oidc-callback.html
  https://ocis.company.com/oidc-silent-redirect.html

• Public Client: [x]

Click Save

Add groups to Pocket ID

1. Log in to Pocket ID as an admin

2. Navigate to OIDC Clients and click edit ocis

   • ocisAdmin
   • ocisSpaceAdmin
   • ocisUser
   • ocisGuest

3. Copy the Client ID

Click Save

oCIS configuration

Environment Variables for oCIS and OIDC with Pocket ID

Add your client id from Pocket ID to WEB_OIDC_CLIENT_ID=

example of csp.yaml see https://github.com/owncloud/ocis/blob/master/deployments/examples/ocis_keycloak/config/ocis/csp.yaml

change line 9 (pocket-id.company.com) under connect-src to your Pocket ID URL and mount it to /etc/ocis/csp.yaml in your podman or docker settings.

Create additional OIDC clients for ownCloud desktop and mobile clients:

The Client IDs and secrets are hardcoded in the ownCloud desktop and mobile clients. You can find these values here.

Hardcoded Client secrets are not supported in Pocket ID. Given ownCloud have implemented the optional PKCE extension, a workaround is to instead create the ownCloud desktop and mobile clients as public clients.

1. Log in to Pocket ID as an admin
2. Navigate to OIDC Clients and click Add OIDC Client

• Desktop Client

  Name: ownCloud Desktop Client
  Client ID: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
  Callback URLs: http://127.0.0.1:*
  Public Client: [x]

• ocis iOS Client

  Name: ownCloud iOS Client
  Client ID: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
  Callback URLs: oc://ios.owncloud.com
  Public Client: [x]

• ocis Android Client

  Name: ownCloud Android Client
  Client ID: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD
  Callback URLs: oc://android.owncloud.com
  Public Client: [x]