nextcloud / user_saml

:lock: App for authenticating Nextcloud users using SAML https://apps.nextcloud.com/apps/user_saml
https://portal.nextcloud.com/article/configuring-single-sign-on-10.html
GNU Affero General Public License v3.0

Internal server error when a new user tries to log in via SAML #800

Closed Alakadoo closed 8 months ago

Alakadoo commented 11 months ago

Steps to reproduce

  1. Create a new AD user
  2. Try to log in to Nextcloud with that user's credentials
  3. Get internal server error

Expected behaviour

The Nextcloud profile should be created and the user logged in

Actual behaviour

The Nextcloud user profile is created, but the user gets an internal server error

Server configuration

Operating system: ubuntu 22.04 LTS

Web server: Apache/2.4.52

Database: mysql 8.0.35

PHP version: 8.1.2-1ubuntu2.14

Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, Reflection, SPL, session, standard, sodium, cgi-fcgi, mysqlnd, PDO, xml, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, igbinary, imagick, intl, ldap, exif, mysqli, pdo_mysql, Phar, posix, readline, redis, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, Zend OPcache

Nextcloud version: 27.1.5

Where did you install Nextcloud from: from nextcloud link

List of activated apps:

 - activity: 2.19.0
 - circles: 27.0.1
 - cloud_federation_api: 1.10.0
 - comments: 1.17.0
 - contactsinteraction: 1.8.0
 - dashboard: 7.7.0
 - dav: 1.27.0
 - federatedfilesharing: 1.17.0
 - federation: 1.17.0
 - files: 1.22.0
 - files_pdfviewer: 2.8.0
 - files_reminders: 1.0.0
 - files_rightclick: 1.6.0
 - files_sharing: 1.19.0
 - files_trashbin: 1.17.0
 - files_versions: 1.20.0
 - firstrunwizard: 2.16.0
 - impersonate: 1.14.0
 - issuetemplate: 0.7.0
 - logreader: 2.12.0
 - lookup_server_connector: 1.15.0
 - nextcloud_announcements: 1.16.0
 - notifications: 2.15.0
 - notify_push: 0.6.6
 - oauth2: 1.15.1
 - officeonline: 2.0.3
 - password_policy: 1.17.0
 - photos: 2.3.0
 - privacy: 1.11.0
 - provisioning_api: 1.17.0
 - recommendations: 1.6.0
 - related_resources: 1.2.0
 - serverinfo: 1.17.0
 - settings: 1.9.0
 - sharebymail: 1.17.0
 - snowflakestheme: 1.1.2
 - spreed: 17.1.4
 - support: 1.10.0
 - survey_client: 1.15.0
 - systemtags: 1.17.0
 - text: 3.8.0
 - theming: 2.2.0
 - twofactor_backupcodes: 1.16.0
 - updatenotification: 1.17.0
 - user_saml: 5.2.5
 - user_status: 1.7.0
 - viewer: 2.1.0
 - weather_status: 1.7.0
 - workflowengine: 2.9.0

Nextcloud configuration:

{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "27.1.5.2",
    "overwrite.cli.url": "http:\/\/cloud.ght30.fr",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpmode": "smtp",
    "mail_sendmailmode": "smtp",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "25",
    "htaccess.RewriteBase": "\/",
    "default_locale": "fr_FR",
    "default_phone_region": "FR",
    "remember_login_cookie_lifetime": 1296000,
    "session_lifetime": 86400,
    "session_relaxed_expiry": false,
    "session_keepalive": true,
    "token_auth_enforced": false,
    "auth.bruteforce.protection.enabled": true,
    "maintenance_window_start": 1,
    "maintenance": false,
    "upgrade.disable-web": true,
    "log_type": "file",
    "loglevel": 2,
    "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
    "logfile_audit": "\/var\/log\/nextcloud\/audit.log",
    "logtimezone": "Europe\/Paris",
    "log_rotate_size": "104857600",
    "memcache.local": "\\OC\\Memcache\\APCu",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 6379,
        "timeout": 0,
        "read_timeout": 0
    },
    "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
    "allow_user_to_change_display_name": false,
    "trashbin_retention_obligation": "auto, 90",
    "versions_retention_obligation": "auto, 60",
    "activity_expire_days": "120",
    "share_folder": "\/Partages Entrants",
    "sort_groups_by_name": true,
    "app_install_overwrite": [
        "issuetemplate"
    ]
}

Client configuration

Browser: Firefox

Operating system: Windows 10

Logs

Nextcloud log (data/owncloud.log)

[index] Erreur: OCP\Files\NotPermittedException:  at <<closure>>

 0. /var/www/nextcloud/lib/private/Files/SimpleFS/SimpleFile.php line 133
    OC\Files\Node\File->delete()
 1. /var/www/nextcloud/lib/private/Avatar/UserAvatar.php line 198
    OC\Files\SimpleFS\SimpleFile->delete()
 2. /var/www/nextcloud/lib/private/Avatar/UserAvatar.php line 327
    OC\Avatar\UserAvatar->remove()
 3. /var/www/nextcloud/lib/private/User/Listeners/UserChangedListener.php line 56
    OC\Avatar\UserAvatar->userChanged()
 4. /var/www/nextcloud/lib/private/EventDispatcher/ServiceEventListener.php line 86
    OC\User\Listeners\UserChangedListener->handle()
 5. /var/www/nextcloud/3rdparty/symfony/event-dispatcher/EventDispatcher.php line 251
    OC\EventDispatcher\ServiceEventListener->__invoke()
 6. /var/www/nextcloud/3rdparty/symfony/event-dispatcher/EventDispatcher.php line 73
    Symfony\Component\EventDispatcher\EventDispatcher->callListeners()
 7. /var/www/nextcloud/lib/private/EventDispatcher/EventDispatcher.php line 94
    Symfony\Component\EventDispatcher\EventDispatcher->dispatch()
 8. /var/www/nextcloud/lib/private/EventDispatcher/EventDispatcher.php line 106
    OC\EventDispatcher\EventDispatcher->dispatch()
 9. /var/www/nextcloud/apps/user_saml/lib/UserBackend.php line 660
    OC\EventDispatcher\EventDispatcher->dispatchTyped()
10. /var/www/nextcloud/apps/user_saml/lib/Controller/SAMLController.php line 167
    OCA\User_SAML\UserBackend->updateAttributes("*** sensitive parameters replaced ***")
11. /var/www/nextcloud/apps/user_saml/lib/Controller/SAMLController.php line 396
    OCA\User_SAML\Controller\SAMLController->autoprovisionIfPossible()
12. /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 230
    OCA\User_SAML\Controller\SAMLController->assertionConsumerService()
13. /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 137
    OC\AppFramework\Http\Dispatcher->executeController()
14. /var/www/nextcloud/lib/private/AppFramework/App.php line 183
    OC\AppFramework\Http\Dispatcher->dispatch()
15. /var/www/nextcloud/lib/private/Route/Router.php line 315
    OC\AppFramework\App::main()
16. /var/www/nextcloud/lib/base.php line 1068
    OC\Route\Router->match()
17. /var/www/nextcloud/index.php line 38
    OC::handleRequest()

POST /apps/user_saml/saml/acs
from 10.97.50.2 at 2024-01-04T16:50:35+01:00

blizzz commented 10 months ago

You seem to have file permissions issues on your system, when you look at the stack trace. It fails to delete a user picture with OCP\Files\NotPermittedException. This is not related to the SAML backend, and rather seems to be a setup issue.

Alakadoo commented 8 months ago

Bizarre NFS behaviour on delete permissions check, switched to S3, now everything is working fine.
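
The thread attributes the error to a delete-permission check misbehaving on NFS-backed storage. The following is an added diagnostic, not code from the issue or from the Nextcloud project: it compares what a writability test reports with what an actual delete does in a given directory. The function name `check_delete` and the directory argument are assumptions; the reporter's data directory is redacted on the page, so pass your own path.

```shell
#!/bin/sh
# Added diagnostic (not from the issue thread or the Nextcloud code base).
# Run it as the account the web server runs under, for example (assumption:
# Apache on Ubuntu runs as www-data):
#   sudo -u www-data sh check_delete.sh /path/to/storage/dir
# The directory is a placeholder you supply.

check_delete() {
    dir=$1
    [ -d "$dir" ] || { echo "no-such-dir"; return 2; }

    probe="$dir/.delete_probe_$$"

    # Step 1: can this account create a file here at all?
    if ! ( : > "$probe" ) 2>/dev/null; then
        echo "create-failed"
        return 1
    fi

    # Step 2: what do the advisory writability tests say about the
    # file and its parent directory?
    advisory=yes
    [ -w "$dir" ] && [ -w "$probe" ] || advisory=no

    # Step 3: what does a real unlink do?
    if rm -f "$probe" 2>/dev/null && [ ! -e "$probe" ]; then
        actual=yes
    else
        actual=no
    fi

    # A mismatch between the two answers means software that tests
    # permissions before deleting can refuse an operation the
    # filesystem would have allowed, or the reverse.
    case "$advisory/$actual" in
        yes/yes) echo "ok" ;;
        no/yes)  echo "check-denies-but-delete-works" ;;
        yes/no)  echo "check-allows-but-delete-fails" ;;
        no/no)   echo "delete-denied" ;;
    esac
    [ "$advisory/$actual" = "yes/yes" ]
}

# Run directly when a directory is given on the command line.
if [ $# -gt 0 ]; then
    check_delete "$1"
fi
```

Any result other than `ok` on the storage mount, while a local directory reports `ok`, points at the mount or export options rather than at the SAML app.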