nextcloud / user_saml

:lock: App for authenticating Nextcloud users using SAML https://apps.nextcloud.com/apps/user_saml
https://portal.nextcloud.com/article/configuring-single-sign-on-10.html
GNU Affero General Public License v3.0

Account not provisioned error #783

Closed maxweigner closed 1 year ago

maxweigner commented 1 year ago

Steps to reproduce

  1. Set up authentik with Nextcloud like in this guide
  2. Attempt to log in

Expected behaviour

Successful login, as a user with that username already exists on Nextcloud.

Actual behaviour

"Account not provisioned. Your account is not provisioned, access to this service is thus not possible." Error message on attempted login

Server configuration

Issue Template app not working.

Operating system: TrueNAS Scale 22.12.3.3

Web server: Apache

Database: Postgres 13.1

PHP version: 8.2.12

Nextcloud version: (see Nextcloud admin page) 27.1.3

Where did you install Nextcloud from: TrueNAS Scale Applications

List of activated apps:

- cfg_share_links: 4.2.0  
- cloud_federation_api: 1.10.0  
- dav: 1.27.0  
- deck: 1.11.1  
- drawio: 2.1.4  
- federatedfilesharing: 1.17.0  
- files: 1.22.0  
- files_pdfviewer: 2.8.0  
- files_reminders: 1.0.0  
- files_rightclick: 1.6.0  
- files_sharing: 1.19.0 
- files_trashbin: 1.17.0  
- files_versions: 1.20.0  
- groupfolders: 15.3.1  
- issuetemplate: 0.7.0  
- logreader: 2.12.0  
- lookup_server_connector: 1.15.0  
- notes: 4.8.1  
- notifications: 2.15.0  
- oauth2: 1.15.1  
- occweb: 0.1.1  
- password_policy: 1.17.0  
- privacy: 1.11.0  
- provisioning_api: 1.17.0  
- related_resources: 1.2.0 
- richdocuments: 8.2.3  
- richdocumentscode: 23.5.503  
- serverinfo: 1.17.0  
- settings: 1.9.0  
- text: 3.8.0  
- theming: 2.2.0  
- twofactor_backupcodes: 1.16.0  
- updatenotification: 1.17.0  
- user_saml: 5.2.4  
- viewer: 2.1.0  
- workflowengine: 2.9.0

Nextcloud configuration: config.php:

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'overwritehost' => 'XXXXXXX',
  'overwriteprotocol' => 'https',
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
  ),
  'passwordsalt' => 'XXXXXXX',
  'secret' => 'XXXXXXXX',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'XXXXXXXX',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '27.1.3.2',
  'overwrite.cli.url' => 'https://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextcloud-postgres:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'XXXXXX',
  'dbpassword' => 'XXXXXXXX',
  'installed' => true,
  'instanceid' => 'XXXXXX',
  'maintenance' => false,
  'loglevel' => 0,
  'theme' => '',
  'app_install_overwrite' =>
  array (
    0 => 'issuetemplate',
  ),
);

Client configuration

Browser: MS Edge

Operating system: Windows 11

Logs

Nextcloud log (data/owncloud.log)

Here is an excerpt from the logs, cleaned for readability:

"app":"PHP","method":"POST","url":"/apps/user_saml/saml/acs","message":"openssl_x509_read(): X.509 Certificate cannot be retrieved at /var/www/html/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php#365","version":"27.1.3.2","data":{"app":"PHP"}
"app":"PHP","method":"POST","url":"/apps/user_saml/saml/acs","message":"openssl_x509_export(): X.509 Certificate cannot be retrieved at /var/www/html/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php#366","version":"27.1.3.2","data":{"app":"PHP"}
"app":"PHP","method":"POST","url":"/apps/user_saml/saml/acs","message":"explode(): Passing null to parameter #2 ($string) of type string is deprecated at /var/www/html/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php#325","version":"27.1.3.2","data":{"app":"PHP"}
"app":"user_saml","method":"POST","url":"/apps/user_saml/saml/acs","message":"Attributes send by the IDP: []","version":"27.1.3.2","data":{"app":"user_saml"}
"app":"user_saml","method":"POST","url":"/apps/user_saml/saml/acs","message":"invalid_response","version":"27.1.3.2","data":{"app":"user_saml"}
"app":"user_saml","method":"POST","url":"/apps/user_saml/saml/acs","message":"Unable to extract public key","version":"27.1.3.2","data":{"app":"user_saml"}
"app":"user_saml","method":"POST","url":"/apps/user_saml/saml/acs","message":"Auth failed","version":"27.1.3.2","data":{"app":"user_saml"}

Browser log

No warnings, errors, etc.
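
An added example, not part of the original report or of user_saml: a small triage script that reads log lines in the form shown in the excerpt above and reports the unreadable X.509 certificate ahead of the "Auth failed" entry that follows it. The labels, the ranking and the sample lines are assumptions constructed for this illustration.

```python
import json
import re

ACS_PATH = "/apps/user_saml/saml/acs"
# Patterns come from the report's log excerpt; the labels are made up here.
RULES = [
    (re.compile(r"openssl_x509_(read|export)\(\)|Unable to extract public key"),
     "idp_certificate_unreadable"),
    (re.compile(r"^invalid_response$"), "response_rejected"),
    (re.compile(r"Attributes send by the IDP: \[\]"), "no_attributes_received"),
    (re.compile(r"^Auth failed$"), "auth_failed"),
]
# Constructed sample in the report's brace-less form; last line is truncated.
SAMPLE = r'''
"app":"PHP","url":"/apps/user_saml/saml/acs","message":"openssl_x509_read(): X.509 Certificate cannot be retrieved at XMLSecurityKey.php#365"
"app":"user_saml","url":"/apps/user_saml/saml/acs","message":"Attributes send by the IDP: []"
"app":"user_saml","url":"/apps/user_saml/saml/acs","message":"invalid_response"
"app":"user_saml","url":"/apps/user_saml/saml/acs","message":"Unable to extract public key"
"app":"user_saml","url":"/apps/user_saml/saml/acs","message":"Auth failed"
"app":"files","url":"/apps/files/","message":"unrelated entry"
"app":"user_saml","url":"/apps/user_sa
'''

def parse_line(line):
    """Parse a raw JSON log line or the brace-less form used in the report."""
    line = line.strip()
    if line and not line.startswith("{"):
        line = "{" + line + "}"
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None  # blank, truncated or non-JSON line: skip, do not abort

def triage(log_text):
    """Distinct findings for requests to the ACS endpoint, first-seen order."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        message = entry.get("message") if isinstance(entry, dict) else None
        if not isinstance(message, str) or entry.get("url") != ACS_PATH:
            continue
        for pattern, label in RULES:
            if pattern.search(message) and label not in findings:
                findings.append(label)
    return findings

def likely_cause(findings):
    """First match in RULES order: certificate problems outrank their symptoms."""
    return next((label for _, label in RULES if label in findings), None)
```
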

blizzz commented 1 year ago

As this seems to be a setup issue, I would like to ask you to raise your question in the forums: https://help.nextcloud.com

If you wish support with setup issues from Nextcloud GmbH, we offer this as part of the Nextcloud subscription. Learn more about this at https://nextcloud.com/enterprise/