nextcloud / user_saml

:lock: App for authenticating Nextcloud users using SAML https://apps.nextcloud.com/apps/user_saml
https://portal.nextcloud.com/article/configuring-single-sign-on-10.html
GNU Affero General Public License v3.0

New users not provisioned in SAML #898

Closed Thibaut-ids closed 1 month ago

Thibaut-ids commented 1 month ago

Steps to reproduce

  1. Create a new user in our AD that is synchronized with the Nextcloud LDAP application.
  2. Try to log in with this new user.

Expected behaviour

When we create a user in our AD it is automatically provisioned via the Nextcloud LDAP application (LDAP user and group backend).

Once their account is automatically created, the user should be able to log in directly after synchronization.

Actual behaviour

The user is well provisioned via our AD, but when he tries to connect he gets the message "Account not provisioned".

I would like to point out that for all accounts existing before SAML activation, everything works very well with SAML authentication. And if you connect once in "direct connection" with the user who has just been created, you can then connect via SAML without problems.

Server configuration

Web server: Apache/2.4.6 (CentOS)

Database: 10.6.19-MariaDB

PHP version: PHP 8.3.8

Nextcloud version: [Nextcloud Hub 9] (30.0.0)

List of activated apps

```
Enabled:
  - activity: 3.0.0
  - admin_audit: 1.20.0
  - cloud_federation_api: 1.13.0
  - dav: 1.31.1
  - federatedfilesharing: 1.20.0
  - federation: 1.20.0
  - files: 2.2.0
  - files_downloadlimit: 3.0.0
  - files_external: 1.22.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - firstrunwizard: 3.0.0
  - flow_notifications: 1.10.0
  - groupfolders: 18.0.2
  - impersonate: 1.17.0
  - lookup_server_connector: 1.18.0
  - notifications: 3.0.0
  - oauth2: 1.18.1
  - officeonline: 2.2.1
  - password_policy: 2.0.0
  - photos: 3.0.2
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - quota_warning: 1.20.0
  - recommendations: 3.0.0
  - related_resources: 1.5.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - systemtags: 1.20.0
  - text: 4.1.0
  - theming: 2.5.0
  - theming_customcss: 1.17.0
  - twofactor_backupcodes: 1.19.0
  - updatenotification: 1.20.0
  - user_ldap: 1.21.0
  - user_usage_report: 1.14.0
  - viewer: 3.0.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
```
Nextcloud configuration

```
{
  "system": {
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
      "172.17.66.13",
      "nextcloud.emosist.fr",
      "172.17.66.24",
      "cloud.grades-bfc.fr",
      "cloud.esante-bfc.fr"
    ],
    "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
    "forwarded_for_headers": [
      "HTTP_X_FORWARDED_FOR"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "30.0.0.14",
    "overwriteprotocol": "https",
    "overwrite.cli.url": "https:\/\/cloud.esante-bfc.fr",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "proxy": "http:\/\/proxy.fc-sante.priv:8080",
    "memcache.local": "\\OC\\Memcache\\Redis",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "redis": {
      "host": "***REMOVED SENSITIVE VALUE***",
      "port": 6379
    },
    "mail_smtpmode": "smtp",
    "mail_smtpauthtype": "LOGIN",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "default_language": "fr",
    "default_phone_region": "FR",
    "force_language": "fr",
    "default_locale": "fr_FR",
    "force_locale": "fr_FR",
    "defaultapp": "files",
    "knowledgebaseenabled": true,
    "allow_user_to_change_display_name": true,
    "remember_login_cookie_lifetime": 14400,
    "session_lifetime": 14400,
    "session_keepalive": false,
    "auth.bruteforce.protection.enabled": true,
    "maintenance": false,
    "trashbin_retention_obligation": "7",
    "versions_retention_obligation": "7",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "25",
    "ldapIgnoreNamingRules": false,
    "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
    "theme": "",
    "loglevel": 3,
    "log_type": "file",
    "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
    "app_install_overwrite": [
      "files_automatedtagging",
      "impersonate",
      "groupfolders",
      "user_usage_report",
      "file_upload_notification",
      "mailnotifier",
      "officeonline",
      "files_rightclick"
    ],
    "mysql.utf8mb4": true,
    "onlyoffice": {
      "verify_peer_off": true
    },
    "activity_use_cached_mountpoints": true,
    "activity_expire_days": 180,
    "mail_sendmailmode": "smtp",
    "maintenance_window_start": 1
  }
}
```
blizzz commented 1 month ago

The user IDs have to match case sensitively. As this is a configuration issue I would like to ask you to raise your question in the forums: https://help.nextcloud.com
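As an added diagnostic for the case-sensitivity point in the reply above (example code written for this page, not part of the issue or of user_saml): it pulls the asserted identifier out of a SAML assertion, compares it case-sensitively against the backend user list in the uid-to-display-name shape that `occ user:list --output=json` prints, and reports whether the "Account not provisioned" outcome comes from a case-only mismatch or from a truly missing account. The mapped attribute name `uid` and all sample values are assumptions, constructed here.

```python
import json
import xml.etree.ElementTree as ET
from typing import Optional

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; the attribute name "uid" is an assumption
# standing in for whatever attribute user_saml is configured to map to the user ID.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="uid">
      <saml:AttributeValue>JDupont</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample in the shape of `occ user:list --output=json`:
# the user IDs the LDAP backend has already provisioned.
SAMPLE_USER_LIST = '{"jdupont": "Jean Dupont", "admin": "admin"}'


def asserted_uid(assertion_xml: str, attribute_name: str) -> Optional[str]:
    """Return the value of the mapped attribute, or None if the IdP did not send it."""
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == attribute_name:
            value = attr.find("saml:AttributeValue", NS)
            return value.text.strip() if value is not None and value.text else None
    return None


def classify(saml_uid: str, backend_uids: list) -> str:
    """'match' when an identical ID exists; 'case_mismatch' when an ID differs
    only in letter case (login is refused, as the reply explains); 'missing'
    when no backend account corresponds at all."""
    if saml_uid in backend_uids:
        return "match"
    if saml_uid.lower() in {u.lower() for u in backend_uids}:
        return "case_mismatch"
    return "missing"


def diagnose(assertion_xml: str, user_list_json: str, attribute_name: str = "uid") -> dict:
    uid = asserted_uid(assertion_xml, attribute_name)
    if uid is None:
        return {"saml_uid": None, "result": "attribute_absent"}
    backend = list(json.loads(user_list_json).keys())
    return {"saml_uid": uid, "result": classify(uid, backend)}


if __name__ == "__main__":
    print(diagnose(SAMPLE_ASSERTION, SAMPLE_USER_LIST))
```

A `case_mismatch` result means the account exists but the identifier the IdP sends differs in case from the LDAP-provisioned user ID, which is the situation to correct on the IdP or in the attribute mapping rather than by re-provisioning the user.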