Open gdurifw opened 5 years ago
I'm encountering the same issue with simplesamlphp. Haven't dug deeper but it seems to me that NC requires some sort of own request token, which is not supplied by IdP-initiated SSO.
I'm encountering the same issue using Okta as the IDP.
Operating system: Official Docker nextcloud:14.03
Web server: Official Docker nextcloud:14.03
Database: Official Docker nextcloud:14.03 (SQLite)
PHP version: Official Docker nextcloud:14.03
Nextcloud version: Official Docker nextcloud:14.03
Where did you install Nextcloud from: Docker Hub - nextcloud:14.03
List of activated apps:
$ ./occ app:list
Enabled:
Nextcloud configuration:
$ ./occ config:list system
{
    "system": {
        "htaccess.RewriteBase": "\/",
        "memcache.local": "\OC\Memcache\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "instanceid": "REMOVED SENSITIVE VALUE",
        "passwordsalt": "REMOVED SENSITIVE VALUE",
        "secret": "REMOVED SENSITIVE VALUE",
        "trusted_domains": [
            "**.eu-west-2.compute.amazonaws.com:8080"
        ],
        "datadirectory": "**REMOVED SENSITIVE VALUE",
        "dbtype": "sqlite3",
        "version": "14.0.3.0",
        "overwritehost": ".eu-west-2.compute.amazonaws.com:8080",
        "overwrite.cli.url": ".eu-west-2.compute.amazonaws.com:8080",
        "installed": true,
        "maintenance": false
    }
}
I likewise hit the same issue today. SP initiated SAML works properly, but with IDP initiated SAML I am left with a null response. It would be really nice to have this work in both directions.
Same issue here. My workaround with this (for Okta):
Now if the user clicks on the bookmark, Okta will just call Nextcloud and Nextcloud will be doing an SP-initiated flow. It is not an IdP-initiated flow, but for the user it doesn't matter if it works ;)
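The difference between the two flows as seen at an ACS endpoint, as an added example that is not part of this thread and not Nextcloud's or user_saml's code: in SAML 2.0 an SP-initiated response carries `InResponseTo` matching the SP's AuthnRequest ID, while an IdP-initiated (unsolicited) response has none, so an SP must either reject it or accept it under an explicit policy with replay protection. `AcsState`, `classify_response`, `sample_response` and the XML are constructed for illustration, and signature validation is assumed to have happened already.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

class AcsState:
    """Hypothetical SP-side state kept between AuthnRequest and Response."""
    def __init__(self, allow_unsolicited=False):
        self.allow_unsolicited = allow_unsolicited
        self.pending_requests = set()   # IDs of AuthnRequests this SP sent
        self.seen_assertions = set()    # assertion IDs already consumed

def classify_response(xml_text, state):
    """Return (accepted, reason). Assumes the signature was verified earlier."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None or not assertion.get("ID"):
        return False, "no assertion"
    in_response_to = root.get("InResponseTo")
    if in_response_to is not None:
        # SP-initiated: the response must answer a request we actually sent.
        if in_response_to not in state.pending_requests:
            return False, "InResponseTo does not match an outstanding AuthnRequest"
        state.pending_requests.discard(in_response_to)
        flow = "sp-initiated"
    elif not state.allow_unsolicited:
        return False, "unsolicited response rejected"
    else:
        flow = "idp-initiated"
    # With no request to bind to, the assertion ID cache is the replay defence.
    if assertion.get("ID") in state.seen_assertions:
        return False, "assertion replayed"
    state.seen_assertions.add(assertion.get("ID"))
    return True, flow

def sample_response(assertion_id, in_response_to=None):
    """Build a constructed, unsigned SAML Response for the demo."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
        f' ID="_r1" Version="2.0"{attr}>'
        f'<saml:Assertion ID="{assertion_id}" Version="2.0"/></samlp:Response>')
```
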
Hey everyone, a beginner here. Can somebody help me with how to initiate a SAML connection from the Nextcloud (SP) side to my IdP? I don't have any login URL/SAML button etc. in Nextcloud...
Steps to reproduce
Expected behaviour
A valid SamlResponse provided by IdP-initiated SAML (e.g. from an Oracle OAM SDK) should be validated by the Nextcloud ACS endpoint without a "null" error. If the SamlResponse is valid, Nextcloud should grant access to the session.
Actual behaviour
We would like to use IDP initiated SAML (instead of the native Login Flow & SP Initiated SAML) because of the Oracle OAM integration provided by the Oracle OAM SDK integration, but we get a «null» error when we submit the SAML response to the ACS endpoint.
Is IDP initiated SAML, instead of SP initiated SAML, supported at all?
Server configuration
Operating system: Official Docker Nextcloud:13.04
Web server: Official Docker Nextcloud:13.04
Database: Official Docker Nextcloud:13.04
PHP version: Official Docker Nextcloud:13.04
Nextcloud version: Official Docker Nextcloud:13.04
Where did you install Nextcloud from: Official Docker Nextcloud:13.04
List of activated apps:
$ ./occ app:list
Enabled:
Nextcloud configuration:
$ ./occ config:list system
{
    "system": {
        "debug": false,
        "log_type": "owncloud",
        "logfile": "\/var\/www\/html\/nextcloud.log",
        "loglevel": "1",
        "auth.bruteforce.protection.enabled": false,
        "logtimezone": "Europe\/Rome",
        "skeletondirectory": "\/config\/userskeleton",
        "knowledgebaseenabled": true,
        "log_rotate_size": 0,
        "logdateformat": "F d, Y H:i:s",
        "datadirectory": "REMOVED SENSITIVE VALUE",
        "updatechecker": false,
        "check_for_working_htaccess": false,
        "check_data_directorypermissions": false,
        "asset-pipeline.enabled": false,
        "assetdirectory": "\/var\/www\/html\/data",
        "dbtype": "mysql",
        "filelocking.enabled": true,
        "filelocking.ttl": 3600,
        "integrity.check.disabled": true,
        "version": "13.0.4.0",
        "dbname": "REMOVED SENSITIVE VALUE",
        "dbhost": "REMOVED SENSITIVE VALUE",
        "dbtableprefix": "oc",
        "dbuser": "REMOVED SENSITIVE VALUE",
        "mysql.utf8mb4": true,
        "dbpassword": "REMOVED SENSITIVE VALUE",
        "installed": true,
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": true
            },
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps-appstore",
                "writable": true
            }
        ],
        "trusted_domains": [
            "REMOVED SENSITIVE VALUE",
            "*"
        ],
        "instanceid": "REMOVED SENSITIVE VALUE",
        "overwrite.cli.url": "REMOVED SENSITIVE VALUE",
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "\OCA\User_LDAP\LDAPProviderFactory"
    }
}