Nextcloud LDAP/SAML - disabled after reboot, and saml did not work if enabled

Hello all,

At two other customers we use Nextcloud directly from UCS with SAML. At this new one here we have an existing LXC (Ubuntu 18.04) with Nextcloud 16.04. LDAP and users are converted and this works great, but if we enable SAML and configure it with the same schema as the other customers with UCS, it does not work. @Login it says “no Metadata”.
And the other strange thing: after a reboot of the LXC, the SAML app in Nextcloud is automatically disabled.

Has anyone had such a problem too?

Thanks :slight_smile:

That points to a wrong configuration. Did you have a look at https://www.univention.com/blog-en/2019/02/how-to-single-sign-on-for-nextcloud/ ?

Yes, we have done all customers with this howto. The difference is the Nextcloud from UCS points to for example: https://cloud.supertux.lan/nextcloud

The cloud here opens directly on https://cloud.supertux.lan. So I have done the same configuration but without the path “/nextcloud”. If I open some link, this is working. Like Metadata…

Is the SSL connection to https://cloud.supertux.lan/ trusted from the Nextcloud server?

How do you mean that? https://cloud.supertux.lan is the Nextcloud server. If you call the site you come directly to https://cloud.supertux.lan/index.php/apps/user_saml/saml/selectUserBackEnd?redirectUrl= and then you are able to click on “Direct Login” or “saml”. The certificate is from Let’s Encrypt.

Sorry, I meant the connection to the UCS system, so presumably https://ucs-sso.supertux.lan

Yes. Tested it with “elinks”.

You can double-check your settings with what we do on fresh installs since 16: https://github.com/nextcloud/univention-app/blob/master/inst#L355-L381

Thanks a lot. I’ve checked that. Only the logout URL is different.

If I click on SSO login, I get this simple error message:

No Metadata found

SimpleSAML_Error_MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => '\'https://FQDN/index.php/apps/user_saml/saml/metadata\'')

Backtrace:
3 lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:299 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
2 lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:319 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
1 modules/saml/lib/IdP/SAML2.php:334 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
0 www/saml2/idp/SSOService.php:19 (N/A)
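The METADATANOTFOUND error above comes from the IdP side (SimpleSAMLphp on UCS): the entityID carried in the AuthnRequest is not registered there. The quickest defender-side check is to fetch what the SP actually advertises at its metadata URL and compare it, field by field, with the entityID the IdP has on file. The following script is an added example, not code from this thread, from Nextcloud or from Univention; the SP metadata it parses is a constructed sample in the shape the user_saml app serves (hostname taken from the thread), and the “expected” entityID is an assumption standing in for whatever is registered on the UCS side:

```python
"""Compare a SAML SP's advertised metadata with the entityID the IdP expects."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample of the XML Nextcloud's user_saml app serves at
# /index.php/apps/user_saml/saml/metadata. Not captured from a real system.
SAMPLE_SP_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://cloud.supertux.lan/index.php/apps/user_saml/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://cloud.supertux.lan/index.php/apps/user_saml/saml/sls"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://cloud.supertux.lan/index.php/apps/user_saml/saml/acs"
        index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_bytes):
    """Extract entityID plus ACS and SLO endpoint locations from SP metadata."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("document root is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no md:SPSSODescriptor; this is not SP metadata")
    return {
        "entityID": root.get("entityID"),
        "acs": [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)],
        "slo": [e.get("Location") for e in sp.findall("md:SingleLogoutService", NS)],
    }


def _differs_only_by_prefix(a, b, prefix="/nextcloud"):
    """True when two URLs share scheme+host and differ only by a path prefix."""
    pa, pb = urlparse(a), urlparse(b)
    if (pa.scheme, pa.netloc) != (pb.scheme, pb.netloc):
        return False
    return pa.path == prefix + pb.path or pb.path == prefix + pa.path


def diagnose(metadata, idp_expected_entity_id):
    """Return a list of findings; an empty list means the SP matches the IdP."""
    findings = []
    sp_id = metadata["entityID"]
    if sp_id != idp_expected_entity_id:
        findings.append("entityID mismatch: SP advertises %r, IdP expects %r"
                        % (sp_id, idp_expected_entity_id))
        # The case from this thread: one side carries a /nextcloud path prefix.
        if _differs_only_by_prefix(sp_id, idp_expected_entity_id):
            findings.append("difference is only the /nextcloud path prefix")
    # Endpoints on a different host than the entityID usually mean a stale
    # overwrite.cli.url or a reverse-proxy hostname leaking into the SP config.
    id_host = urlparse(sp_id).netloc
    for kind in ("acs", "slo"):
        for loc in metadata[kind]:
            if urlparse(loc).netloc != id_host:
                findings.append("%s endpoint %r is not on entityID host %r"
                                % (kind, loc, id_host))
    return findings


def check(xml_bytes, idp_expected_entity_id):
    """Convenience wrapper: parse then diagnose."""
    return diagnose(parse_sp_metadata(xml_bytes), idp_expected_entity_id)


if __name__ == "__main__":
    # Assumed registered entityID; replace with the value from the UCS SP entry.
    expected = "https://cloud.supertux.lan/nextcloud/index.php/apps/user_saml/saml/metadata"
    for line in check(SAMPLE_SP_METADATA, expected) or ["OK: SP metadata matches IdP"]:
        print(line)
```

In practice you would replace SAMPLE_SP_METADATA with the bytes fetched from the live metadata URL (the wget mentioned later in this thread gives you exactly that) and set the expected value to the entityID registered in the UCS SP configuration; any finding printed is a concrete difference to fix before retrying the SSO login.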

Ok. So I’ve deleted every configuration and configured the whole SSO for Nextcloud anew. Same thing, same error, did not work. New installation - Nextcloud on UCS, did work. So what?

One good thing: the SAML app is now enabled normally after a reboot. And where can I find logs about SAML errors in Nextcloud that would help me find the solution?

It’s a configuration thing then. Compare both SAML settings side by side. There are also some collapsed fields on that settings page. You also set up the SP configuration within UCS, right?

Hello,

Sorry to revive this old topic, but I’m facing the same issue with:

  • UCS latest version (4.4.6 with latest patch release)
  • Nextcloud 20 in a separate docker

I can reach the Metadata URL with no problem (from UCS I can wget it).

Did you manage to solve this issue by any chance?

Thanks!
