Closed jecal22 closed 2 years ago
FYI, I have completely removed and re-installed the app.
I have also changed settings in the SSO & SAML app to enable and disable other backend authentications (eg. LDAP). Have tried to enable and disable the option to use SAML authentication for desktop client.
The only way I am able to login and authenticate the Android app is to disable SSO & SAML App. As long as SSO & SAML is enabled, I am unable to successfully authenticate via the app using any SSO/LDAP/local login due to it just loading the web interface and bypassing the "Grant Access" prompt.
I have the exact same problem: When a user wants to log in through OAuth and the user is not logged-in in the browser, it redirects to the Dashboard after the SSO flow is done. If the user was already logged-in in the browser, the grant flow works perfectly.
The only thing I noticed was that the `RelayState` URL had the wrong protocol `http` instead of `https` despite having `overwriteprotocol` enabled.
Ok I fixed the problem of the `v2/flow` not working for me by removing the two lines below in the `app.php` file. I can now successfully log into the Android, iOS and Desktop apps:
diff --git a/appinfo/app.php b/appinfo/app.php
index 35bf029..d72ffc0 100644
--- a/appinfo/app.php
+++ b/appinfo/app.php
@@ -116,9 +116,7 @@ if ($user !== null) {
// redirected to the SAML login endpoint
if (!$cli && )
!$userSession->isLoggedIn() &&
- (\OC::$server->getRequest()->getPathInfo() === '/login'
- || \OC::$server->getRequest()->getPathInfo() === '/login/v2/flow'
- || \OC::$server->getRequest()->getPathInfo() === '/login/flow') &&
+ \OC::$server->getRequest()->getPathInfo() === '/login' &&
$type !== '') {
try {
$params = $request->getParams();
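Review bot: the narrowed condition on the `getPathInfo()` line now matches only `/login`, so unauthenticated requests to `/login/flow` and `/login/v2/flow` no longer enter this redirect branch, and nothing in the hunk shows where those two paths are handled instead. Suggest extending the comment above the condition to state why the flow endpoints are deliberately excluded, and adding a regression test that sends an unauthenticated request to each of the three paths so the redirect behaviour is pinned down before this lands.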
I'll take a look at that in my deployment. I ended up discovering that I was able to get logged in using a QR code for an app password while having the SAML & SSO app enabled, but would like to be able to log in normally w/o needing two devices to scan a QR code, since you can't scan a QR code from the same device you are logging in on.
@dasbaumwolltier's submitted patch solves the issue. Will it be integrated? Thank you guys.
Hi, thanks for the report. If you stumbled on this issue, the patch from @dasbaumwolltier should help. I will look into it in the following days as this patch reverts a change that was made to support Kerberos-based authentication on mobile and I need to find a solution to support both.
Can confirm, solution provided by @dasbaumwolltier worked for me. Was able to authenticate and grant access using AzureAD SSO with no issue.
These lines were added to actually make it work with login flow, strange that removing them makes it work again.
@CarlSchwan
For reference https://github.com/nextcloud/user_saml/pull/578 was the PR that added those lines.
Revert is at https://github.com/nextcloud/user_saml/pull/614
I can confirm too. It is working with the submitted patch of @dasbaumwolltier. Is there a timetable for a new release of the app?
soon :tm:
Steps to reproduce
Expected behaviour
After logging in, the app should display a Grant Access page to authenticate the app with the Nextcloud instance.
Actual behaviour
The app completes authentication and then loads the standard Web interface of Nextcloud within the app's. The app is never authenticated. After restarting Nextcloud, it starts over at the initial login screen. Even if I login using Direct (ldap/local), the same issue occurs.
After disabling SSO & SAML, app authentication works normally using LDAP/local login. Since disabling SSO & SAML fixes logins with LDAP/local logins, I have to assume the issue is something with this app.
Server configuration
Operating system: CentOS 7.9
Web server: Apache
Database: MySQL
PHP version: 7.4
Nextcloud version: (see Nextcloud admin page) 23.0.3, 23.0.4
Where did you install Nextcloud from: Manual install from Nextcloud.com
List of activated apps:
Enabled:
Nextcloud configuration:
```
{
  "system": {
    "debug": false,
    "instanceid": "REMOVED SENSITIVE VALUE",
    "passwordsalt": "REMOVED SENSITIVE VALUE",
    "secret": "REMOVED SENSITIVE VALUE",
    "trusted_domains": [
      "nextcloud.caluette.com",
      "gtwn-nextcloud01.caluette.com"
    ],
    "trustedproxies": "REMOVED SENSITIVE VALUE",
    "datadirectory": "REMOVED SENSITIVE VALUE",
    "dbtype": "mysql",
    "version": "23.0.4.1",
    "overwrite.cli.url": "https:\/\/nextcloud.caluette.com\/",
    "dbname": "REMOVED SENSITIVE VALUE",
    "dbhost": "REMOVED SENSITIVE VALUE",
    "dbport": "",
    "dbtableprefix": "oc",
    "mysql.utf8mb4": true,
    "dbuser": "REMOVED SENSITIVE VALUE",
    "dbpassword": "REMOVED SENSITIVE VALUE",
    "installed": true,
    "memcache.distributed": "\OC\Memcache\Redis",
    "memcache.locking": "\OC\Memcache\Redis",
    "memcache.local": "\OC\Memcache\Redis",
    "filelocking.enabled": true,
    "redis": {
      "host": "REMOVED SENSITIVE VALUE",
      "port": "0",
      "timeout": 0
    },
    "htaccess.RewriteBase": "\/",
    "mail_smtpmode": "sendmail",
    "mail_smtpauthtype": "LOGIN",
    "mail_from_address": "REMOVED SENSITIVE VALUE",
    "mail_domain": "REMOVED SENSITIVE VALUE",
    "maintenance": false,
    "loglevel": 2,
    "cipher": "AES-256-CFB",
    "trashbin_retention_obligation": "auto, 30",
    "twofactor_enforced": "true",
    "twofactor_enforced_groups": [
      "admin"
    ],
    "twofactor_enforced_excluded_groups": [],
    "app_install_overwrite": [
      "onlyoffice",
      "files_photospheres",
      "keeporsweep",
      "telephoneprovider",
      "files_texteditor",
      "carnet"
    ],
    "onlyoffice": {
      "jwt_token": "0q4ZdXu0zoyAZa7A",
      "jwt_header": "AuthorizationJwt"
    },
    "mail_sendmailmode": "smtp",
    "has_rebuilt_cache": true,
    "ldapIgnoreNamingRules": false,
    "ldapProviderFactory": "OCA\User_LDAP\LDAPProviderFactory",
    "ldapUserCleanupInterval": 60,
    "theme": "",
    "default_phone_region": "US",
    "allow_local_remote_servers": true,
    "preview_max_memory": 256,
    "enable_previews": true,
    "enabledPreviewProviders": [
      "OC\Preview\Movie",
      "OC\Preview\PNG",
      "OC\Preview\JPEG",
      "OC\Preview\GIF",
      "OC\Preview\BMP",
      "OC\Preview\XBitmap",
      "OC\Preview\MP3",
      "OC\Preview\MP4",
      "OC\Preview\TXT",
      "OC\Preview\MarkDown",
      "OC\Preview\PDF"
    ],
    "updater.secret": "REMOVED SENSITIVE VALUE"
  }
}
```
Client configuration
Browser: Nextcloud Android App
Operating system: Android 12
Logs
Nextcloud log (data/owncloud.log)
Browser log