nextcloud / user_saml

:lock: App for authenticating Nextcloud users using SAML https://apps.nextcloud.com/apps/user_saml
https://portal.nextcloud.com/article/configuring-single-sign-on-10.html
GNU Affero General Public License v3.0

User account is not provisioned: Nextcloud 28 - App user_saml 6.2 #867

Closed nicovd737 closed 2 months ago

nicovd737 commented 2 months ago

Steps to reproduce

  1. Configure SSO & SAML Application with correct settings (I hope)
  2. Configure ADFS on Windows side
  3. Try to log with SSO & SAML

Expected behaviour

Direct login

Actual behaviour

Nextcloud answers that the user does not exist, while it exists, as we use LDAP authentication with success

Server configuration

Operating system: Linux (Docker)

Web server: NGINX

Database: MYSQL

PHP version:

Nextcloud version: 28.0.7

Where did you install Nextcloud from: docker hub

List of activated apps:

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - announcementcenter: 6.8.1
  - audioplayer: 3.4.1
  - bruteforcesettings: 2.8.0
  - cadviewer: 9.71.1
  - calendar: 4.7.12
  - circles: 28.0.0
  - cloud_federation_api: 1.11.0
  - collectives: 2.12.0
  - comments: 1.18.0
  - contacts: 5.5.3
  - contactsinteraction: 1.9.0
  - dashboard: 7.8.0
  - dav: 1.29.2
  - deck: 1.12.4
  - drawio: 3.0.2
  - external: 5.3.1
  - federatedfilesharing: 1.18.0
  - federation: 1.18.0
  - files: 2.0.0
  - files_accesscontrol: 1.18.1
  - files_automatedtagging: 1.18.0
  - files_external: 1.20.0
  - files_fulltextsearch: 28.0.0
  - files_mindmap: 0.0.30
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_retention: 1.17.2
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - firstrunwizard: 2.17.0
  - forms: 4.2.4
  - geoblocker: 0.5.14
  - groupfolders: 16.0.7
  - imageconverter: 2.0.1
  - impersonate: 1.15.0
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - mail: 3.7.5
  - memories: 7.3.1
  - nextcloud_announcements: 1.17.0
  - notes: 4.10.0
  - notifications: 2.16.0
  - oauth2: 1.16.3
  - officeonline: 2.2.1
  - openotp_auth: 1.28.1
  - passman: 2.4.9
  - password_policy: 1.18.0
  - photos: 2.4.0
  - polls: 7.1.3
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - recommendations: 2.0.0
  - related_resources: 1.3.0
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - side_menu: 3.13.1
  - smb_test: 0.3.9
  - spreed: 18.0.10
  - survey_client: 1.16.0
  - systemtags: 1.18.0
  - tasks: 0.16.0
  - text: 3.9.2
  - theming: 2.3.0
  - theming_customcss: 1.16.0
  - twofactor_backupcodes: 1.17.0
  - twofactor_nextcloud_notification: 3.9.0
  - updatenotification: 1.18.0
  - user_ldap: 1.19.0
  - user_saml: 6.2.0
  - user_status: 1.8.1
  - viewer: 2.2.0
  - weather_status: 1.8.0
  - workflowengine: 2.10.0
Disabled:
  - emlviewer: 1.0.9 (installed 1.0.9)
  - encryption: 2.16.0 (installed 2.10.0)
  - extract: 1.3.6 (installed 1.3.6)
  - files_downloadactivity: 1.16.0 (installed 1.16.0)
  - files_rightclick: 0.15.1 (installed 1.6.0)
  - fulltextsearch: 28.0.1 (installed 28.0.1)
  - fulltextsearch_elasticsearch: 28.0.3 (installed 28.0.3)
  - integration_moodle: 1.0.2 (installed 1.0.2)
  - ransomware_protection: 1.14.0 (installed 1.14.0)
  - support: 1.11.1 (installed 1.5.0)
  - suspicious_login: 6.0.0
  - talk_matterbridge: 1.26.0 (installed 1.26.0)
  - twofactor_totp: 10.0.0-beta.2 (installed 6.4.0)


Nextcloud configuration:

Client configuration

Browser: all

Operating system: all

Logs

Nextcloud log (data/owncloud.log)

```
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:09
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:09
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:08
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:08
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:08
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:08
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:06
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:03
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:03
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:03
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:03
Déboguage | user_saml | /appinfo/app.php is deprecated, use \OCP\AppFramework\Bootstrap\IBootstrap on the application class instead. | 18 juil. 2024, 15:37:02
```

Browser log

```
http://xxxxxxxx/adfs/services/trust http://xxxx/adfs/services/trust TiohwuVay9jMELzvK99cU47H3lep8xmgcSXFuIc3DDg= xxxxxxxxx xxxxxxxxxxxx mail.mail@mail.com https://cxxxx.xxxxx.xxxxx/apps/user_saml/saml/metadata xxx.xxx@xxxx.ch Admins du domaine Utilisa. du domaine urn:federation:authentication:windows Saml response is success.
```

Note that we already use LDAP auth with success and no issues. That's the 1st time we try SSO. Everything seems OK (SAML is success).

blizzz commented 2 months ago

Did you upgrade from SAML 6.1.3?

I cannot reproduce this behaviour.

nicovd737 commented 2 months ago

Yes, but it was the same issue with the older release. It seems like Nextcloud doesn't like what SAML said 🤔


blizzz commented 2 months ago

Okay, but that is a config/setup issue. I would like to ask you to raise your question in the forums: https://help.nextcloud.com

If you wish support with setup issues from Nextcloud GmbH we offer this as part of the Nextcloud subscription. Learn more about this at https://nextcloud.com/enterprise/

nicovd737 commented 2 months ago

Hello.

It was an issue with the certificate. We don't really understand why the app didn't say "certificate issue" instead of "user is not existing". By the way, it's running now.
