nextcloud / user_saml

:lock: App for authenticating Nextcloud users using SAML https://apps.nextcloud.com/apps/user_saml
https://portal.nextcloud.com/article/configuring-single-sign-on-10.html
GNU Affero General Public License v3.0

New User Creation Fails #551

Open redstonedesigner opened 3 years ago

redstonedesigner commented 3 years ago

Steps to reproduce

  1. Configure SAML to auto-create users
  2. Create new user in IdP (https://goauthentik.io)
  3. New user fails authentication with internal server error

Expected behaviour

User account is created according to SAML attributes. (I've verified that the settings are being carried over owing to the fact that my SAML account is getting updated when I change a value)

Actual behaviour

User is greeted with "Internal Server Error" page upon successful IdP authentication.

Server configuration

Operating system: Ubuntu 20.04

Web server: Nginx

Database: MariaDB

PHP version: 7.4.3

Nextcloud version: (see Nextcloud admin page) 22.1.0

Where did you install Nextcloud from: Web Installer

List of activated apps:

Enabled:
  - accessibility: 1.7.0
  - activity: 2.15.0
  - admin_audit: 1.11.0
  - announcementcenter: 6.0.0
  - approval: 1.0.7
  - bruteforcesettings: 2.2.0
  - calendar: 2.3.4
  - cloud_federation_api: 1.4.0
  - comments: 1.11.0
  - customproperties: 2.0.4
  - dashboard: 7.1.0
  - data_request: 1.9.0
  - dav: 1.18.0
  - deck: 1.5.3
  - event_update_notification: 1.3.0
  - external: 3.9.0
  - federatedfilesharing: 1.11.0
  - files: 1.16.0
  - files_accesscontrol: 1.12.0
  - files_antivirus: 3.2.2
  - files_automatedtagging: 1.12.0
  - files_downloadactivity: 1.11.1
  - files_pdfviewer: 2.3.0
  - files_rightclick: 1.1.0
  - files_sharing: 1.13.2
  - files_trackdownloads: 1.11.0
  - files_trashbin: 1.11.0
  - files_versions: 1.14.0
  - files_videoplayer: 1.11.0
  - fileslibreofficeedit: 1.0.2
  - firstrunwizard: 2.11.0
  - flow_notifications: 1.2.0
  - forms: 2.3.0
  - group_everyone: 0.1.8
  - groupfolders: 10.0.0
  - guests: 2.0.2
  - logreader: 2.7.0
  - lookup_server_connector: 1.9.0
  - nextcloud_announcements: 1.11.0
  - notes: 4.1.1
  - notifications: 2.10.1
  - oauth2: 1.9.0
  - password_policy: 1.12.0
  - passwords: 2021.10.20
  - polls: 3.2.0
  - privacy: 1.6.0
  - provisioning_api: 1.11.0
  - quota_warning: 1.11.0
  - ransomware_protection: 1.11.0
  - serverinfo: 1.12.0
  - settings: 1.3.0
  - sharebymail: 1.11.0
  - systemtags: 1.11.0
  - tasks: 0.14.2
  - text: 3.3.0
  - theming: 1.12.0
  - twofactor_admin: 3.1.0
  - twofactor_backupcodes: 1.10.1
  - twofactor_nextcloud_notification: 3.2.1
  - twofactor_totp: 6.1.0
  - twofactor_u2f: 6.2.0
  - updatenotification: 1.11.0
  - user_retention: 1.5.0
  - user_saml: 4.1.1
  - user_status: 1.1.1
  - viewer: 1.6.0
  - weather_status: 1.1.0
  - workflow_ocr: 1.22.1
  - workflow_pdf_converter: 1.7.0
  - workflow_script: 1.7.0
  - workflowengine: 2.3.0

Nextcloud configuration:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.tapple.world"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "22.1.0.1",
        "overwrite.cli.url": "https:\/\/cloud.tapple.world",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "app_install_overwrite": [
            "announcementcenter",
            "groupfolders"
        ],
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtpport": "465",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}

Logs

Nextcloud log (data/owncloud.log)

{
  "reqId": "TY55E4Sx4BT8HsCdPkGy",
  "level": 3,
  "time": "2021-10-04T19:30:15+00:00",
  "remoteAddr": "[REDACTED]",
  "user": "--",
  "app": "index",
  "method": "POST",
  "url": "/apps/user_saml/saml/acs",
  "message": "An exception occurred while executing a query: SQLSTATE[HY000]: General error: 1364 Field 'displayname' doesn't have a default value",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36",
  "version": "22.1.0.1",
  "exception": {
    "Exception": "Doctrine\\DBAL\\Exception\\NotNullConstraintViolationException",
    "Message": "An exception occurred while executing a query: SQLSTATE[HY000]: General error: 1364 Field 'displayname' doesn't have a default value",
    "Code": 1364,
    "Trace": [
      {
        "file": "/var/www/cloud/3rdparty/doctrine/dbal/src/Connection.php",
        "line": 1728,
        "function": "convert",
        "class": "Doctrine\\DBAL\\Driver\\API\\MySQL\\ExceptionConverter",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/3rdparty/doctrine/dbal/src/Connection.php",
        "line": 1667,
        "function": "handleDriverException",
        "class": "Doctrine\\DBAL\\Connection",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/3rdparty/doctrine/dbal/src/Connection.php",
        "line": 1146,
        "function": "convertExceptionDuringQuery",
        "class": "Doctrine\\DBAL\\Connection",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/lib/private/DB/Connection.php",
        "line": 262,
        "function": "executeStatement",
        "class": "Doctrine\\DBAL\\Connection",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php",
        "line": 213,
        "function": "executeStatement",
        "class": "OC\\DB\\Connection",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/lib/private/DB/QueryBuilder/QueryBuilder.php",
        "line": 287,
        "function": "execute",
        "class": "Doctrine\\DBAL\\Query\\QueryBuilder",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/apps/user_saml/lib/UserBackend.php",
        "line": 144,
        "function": "execute",
        "class": "OC\\DB\\QueryBuilder\\QueryBuilder",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/apps/user_saml/lib/Controller/SAMLController.php",
        "line": 156,
        "function": "createUserIfNotExists",
        "class": "OCA\\User_SAML\\UserBackend",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/apps/user_saml/lib/Controller/SAMLController.php",
        "line": 335,
        "function": "autoprovisionIfPossible",
        "class": "OCA\\User_SAML\\Controller\\SAMLController",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 217,
        "function": "assertionConsumerService",
        "class": "OCA\\User_SAML\\Controller\\SAMLController",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 126,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/lib/private/AppFramework/App.php",
        "line": 156,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/lib/private/Route/Router.php",
        "line": 301,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/cloud/lib/base.php",
        "line": 1000,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/index.php",
        "line": 36,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/cloud/3rdparty/doctrine/dbal/src/Driver/API/MySQL/ExceptionConverter.php",
    "Line": 111,
    "Previous": {
      "Exception": "Doctrine\\DBAL\\Driver\\PDO\\Exception",
      "Message": "SQLSTATE[HY000]: General error: 1364 Field 'displayname' doesn't have a default value",
      "Code": 1364,
      "Trace": [
        {
          "file": "/var/www/cloud/3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php",
          "line": 84,
          "function": "new",
          "class": "Doctrine\\DBAL\\Driver\\PDO\\Exception",
          "type": "::"
        },
        {
          "file": "/var/www/cloud/3rdparty/doctrine/dbal/src/Connection.php",
          "line": 1136,
          "function": "execute",
          "class": "Doctrine\\DBAL\\Driver\\PDO\\Statement",
          "type": "->"
        },
        {
          "file": "/var/www/cloud/lib/private/DB/Connection.php",
          "line": 262,
          "function": "executeStatement",
          "class": "Doctrine\\DBAL\\Connection",
          "type": "->"
        },
        {
          "file": "/var/www/cloud/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php",
          "line": 213,
          "function": "executeStatement",
          "class": "OC\\DB\\Connection",
          "type": "->"
        },
        {
          "file": "/var/www/cloud/lib/private/DB/QueryBuilder/QueryBuilder.php",
          "line": 287,
          "function": "execute",
          "class": "Doctrine\\DBAL\\Query\\QueryBuilder",
          "type": "->"
        },
        {
          "file": "/var/www/cloud/apps/user_saml/lib/UserBackend.php",
          "line": 144,
          "function": "execute",
          "class": "OC\\DB\\QueryBuilder\\QueryBuilder",
          "type": "->"
        },
        {
          "file": "/var/www/cloud/apps/user_saml/lib/Controller/SAMLController.php",
          "line": 156,
          "function": "createUserIfNotExists",
          "class": "OCA\\User_SAML\\UserBackend",
          "type": "->"
        },
        {
          "file": "/var/www/cloud/apps/user_saml/lib/Controller/SAMLController.php",
          "line": 335,
          "function": "autoprovisionIfPossible",
          "class": "OCA\\User_SAML\\Controller\\SAMLController",
          "type": "->"
        },
        {
          "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
          "line": 217,
          "function": "assertionConsumerService",
          "class": "OCA\\User_SAML\\Controller\\SAMLController",
          "type": "->"
        },
        {
          "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
          "line": 126,
          "function": "executeController",
          "class": "OC\\AppFramework\\Http\\Dispatcher",
          "type": "->"
        },
        {
          "file": "/var/www/cloud/lib/private/AppFramework/App.php",
          "line": 156,
          "function": "dispatch",
          "class": "OC\\AppFramework\\Http\\Dispatcher",
          "type": "->"
        },
        {
          "file": "/var/www/cloud/lib/private/Route/Router.php",
          "line": 301,
          "function": "main",
          "class": "OC\\AppFramework\\App",
          "type": "::"
        },
        {
          "file": "/var/www/cloud/lib/base.php",
          "line": 1000,
          "function": "match",
          "class": "OC\\Route\\Router",
          "type": "->"
        },
        {
          "file": "/var/www/cloud/index.php",
          "line": 36,
          "function": "handleRequest",
          "class": "OC",
          "type": "::"
        }
      ],
      "File": "/var/www/cloud/3rdparty/doctrine/dbal/src/Driver/PDO/Exception.php",
      "Line": 26,
      "Previous": {
        "Exception": "PDOException",
        "Message": "SQLSTATE[HY000]: General error: 1364 Field 'displayname' doesn't have a default value",
        "Code": "HY000",
        "Trace": [
          {
            "file": "/var/www/cloud/3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php",
            "line": 82,
            "function": "execute",
            "class": "PDOStatement",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/3rdparty/doctrine/dbal/src/Connection.php",
            "line": 1136,
            "function": "execute",
            "class": "Doctrine\\DBAL\\Driver\\PDO\\Statement",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/lib/private/DB/Connection.php",
            "line": 262,
            "function": "executeStatement",
            "class": "Doctrine\\DBAL\\Connection",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php",
            "line": 213,
            "function": "executeStatement",
            "class": "OC\\DB\\Connection",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/lib/private/DB/QueryBuilder/QueryBuilder.php",
            "line": 287,
            "function": "execute",
            "class": "Doctrine\\DBAL\\Query\\QueryBuilder",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/apps/user_saml/lib/UserBackend.php",
            "line": 144,
            "function": "execute",
            "class": "OC\\DB\\QueryBuilder\\QueryBuilder",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/apps/user_saml/lib/Controller/SAMLController.php",
            "line": 156,
            "function": "createUserIfNotExists",
            "class": "OCA\\User_SAML\\UserBackend",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/apps/user_saml/lib/Controller/SAMLController.php",
            "line": 335,
            "function": "autoprovisionIfPossible",
            "class": "OCA\\User_SAML\\Controller\\SAMLController",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
            "line": 217,
            "function": "assertionConsumerService",
            "class": "OCA\\User_SAML\\Controller\\SAMLController",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
            "line": 126,
            "function": "executeController",
            "class": "OC\\AppFramework\\Http\\Dispatcher",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/lib/private/AppFramework/App.php",
            "line": 156,
            "function": "dispatch",
            "class": "OC\\AppFramework\\Http\\Dispatcher",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/lib/private/Route/Router.php",
            "line": 301,
            "function": "main",
            "class": "OC\\AppFramework\\App",
            "type": "::"
          },
          {
            "file": "/var/www/cloud/lib/base.php",
            "line": 1000,
            "function": "match",
            "class": "OC\\Route\\Router",
            "type": "->"
          },
          {
            "file": "/var/www/cloud/index.php",
            "line": 36,
            "function": "handleRequest",
            "class": "OC",
            "type": "::"
          }
        ],
        "File": "/var/www/cloud/3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php",
        "Line": 82
      }
    },
    "CustomMessage": "--"
  }
}
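
A triage sketch for entries like the one above, added here as an example and not part of the original report or of user_saml: it follows the nested `Previous` links to the innermost exception and reports the first stack frame outside vendored and core code. It assumes the Nextcloud log holds one JSON object per line; the sample entry is constructed from the log above, trimmed to three frames per exception.

```python
import json

MSG = "SQLSTATE[HY000]: General error: 1364 Field 'displayname' doesn't have a default value"
# Constructed sample: the entry above trimmed to three frames per exception.
TRACE = [
    {"file": "/var/www/cloud/3rdparty/doctrine/dbal/src/Connection.php", "line": 1136, "function": "execute"},
    {"file": "/var/www/cloud/apps/user_saml/lib/UserBackend.php", "line": 144, "function": "execute"},
    {"file": "/var/www/cloud/apps/user_saml/lib/Controller/SAMLController.php", "line": 156,
     "function": "createUserIfNotExists"},
]
SAMPLE_LINE = json.dumps({
    "reqId": "TY55E4Sx4BT8HsCdPkGy", "level": 3, "url": "/apps/user_saml/saml/acs",
    "exception": {
        "Exception": "Doctrine\\DBAL\\Exception\\NotNullConstraintViolationException",
        "Message": "An exception occurred while executing a query: " + MSG, "Trace": TRACE,
        "Previous": {"Exception": "Doctrine\\DBAL\\Driver\\PDO\\Exception", "Message": MSG, "Trace": TRACE,
                     "Previous": {"Exception": "PDOException", "Message": MSG, "Trace": TRACE}}},
})

def root_cause(exc):
    """Follow nested "Previous" links to the innermost exception."""
    while isinstance(exc.get("Previous"), dict):
        exc = exc["Previous"]
    return exc

def first_app_frame(trace, skip=("/3rdparty/", "/lib/private/")):
    """First frame outside vendored libraries and the core framework."""
    return next((f for f in trace if not any(s in f.get("file", "") for s in skip)), None)

def triage(lines):
    """Summarise every log line that carries an exception; skip the rest."""
    out = []
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # not JSON (for example a line truncated mid-write)
        exc = entry.get("exception") if isinstance(entry, dict) else None
        if not isinstance(exc, dict):
            continue
        root = root_cause(exc)
        frame = first_app_frame(root.get("Trace", []))
        out.append({"reqId": entry.get("reqId"), "url": entry.get("url"),
                    "outer": exc.get("Exception"), "root": root.get("Exception"),
                    "message": root.get("Message"),
                    "where": f'{frame["file"]}:{frame["line"]}' if frame else None})
    return out

if __name__ == "__main__":
    for row in triage([SAMPLE_LINE, "not json"]):
        print(json.dumps(row, indent=2))
```
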

Ramblurr commented 1 year ago

> 1. Configure SAML to auto-create users

How does one do that exactly? I don't see any user creation settings in this plugin.