Nextcloud LDAP/SAML - disabled after reboot, and saml did not work if enabled

Hello all,

For two other customers we use Nextcloud directly from UCS with SAML. For this new one we have an existing LXC (Ubuntu 18.04) with Nextcloud 16.04. LDAP and users are converted and this works great. But if we enable SAML and configure it with the same schema as for the other customers with UCS, it does not work. At login it says “no Metadata”.
And the other strange thing: after a reboot of the LXC, the SAML app in Nextcloud is automatically disabled.

Has anyone had such a problem too?

Thanks :slight_smile:

That points to a wrong configuration. Did you have a look at https://www.univention.com/blog-en/2019/02/how-to-single-sign-on-for-nextcloud/ ?

Yes, we have done all customers with this howto. The difference is that the Nextcloud from UCS points to, for example: https://cloud.supertux.lan/nextcloud

The cloud here opens directly on https://cloud.supertux.lan. So I have done the same configuration, but without the path “/nextcloud”. If I open some link, this is working. Like Metadata…

Is the SSL connection to https://cloud.supertux.lan/ trusted from the Nextcloud server?

How do you mean that? https://cloud.supertux.lan is the Nextcloud server. If you call the site you come directly to https://cloud.supertux.lan/index.php/apps/user_saml/saml/selectUserBackEnd?redirectUrl= where you are able to click on “Direct Login” or “saml”. The certificate is from Let’s Encrypt.

Sorry, I meant the connection to the UCS system, so presumably https://ucs-sso.supertux.lan

Yes. Tested it with “elinks”.

You can double-check your settings against what we do on fresh installs since 16: https://github.com/nextcloud/univention-app/blob/master/inst#L355-L381

Thanks a lot. I’ve checked that. Only the logout URL is different.

If I click on SSO login, I get this simple error message:

No Metadata found

SimpleSAML_Error_MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => '\'https://FQDN/index.php/apps/user_saml/saml/metadata\'')

Backtrace:
3 lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:299 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
2 lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:319 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
1 modules/saml/lib/IdP/SAML2.php:334 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
0 www/saml2/idp/SSOService.php:19 (N/A)
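The METADATANOTFOUND error above is the IdP (SimpleSAMLphp on UCS) saying that the entityID carried in the AuthnRequest matches no SP it knows. The small script below is an added diagnostic, not code from the thread or from the Nextcloud/Univention projects: it pulls the entityID out of such an error line (SimpleSAMLphp prints it through PHP's var_export, so escaped \' sequences mean the value itself contains quote characters), compares it with the entityID published in the SP's own metadata, and reports why the two cannot match. The error text and SP metadata are constructed samples; FQDN stays a placeholder as in the post.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the IdP error line as quoted in the thread (FQDN left as placeholder)
IDP_ERROR = ("SimpleSAML_Error_MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => "
             "'\\'https://FQDN/index.php/apps/user_saml/saml/metadata\\'')")

# Constructed sample: what /index.php/apps/user_saml/saml/metadata would publish
SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://FQDN/index.php/apps/user_saml/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"


def entity_id_from_error(text):
    """Return the entityID the IdP complained about, with PHP's var_export escaping undone.
    The outer quotes belong to var_export; a \\' inside means the stored value has quotes."""
    m = re.search(r"METADATANOTFOUND\('%ENTITYID%' => '(.*)'\)", text)
    if not m:
        return None
    return m.group(1).replace("\\'", "'")


def entity_id_from_metadata(xml_text):
    """Return the entityID attribute of the SP's EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != MD_NS + "EntityDescriptor":
        raise ValueError("not SAML metadata: root is %s" % root.tag)
    return root.attrib["entityID"]


def diagnose(error_text, sp_metadata_xml):
    """List the reasons the IdP cannot match the requesting SP to its registered metadata."""
    requested = entity_id_from_error(error_text)
    if requested is None:
        return ["error text does not contain a METADATANOTFOUND entry"]
    published = entity_id_from_metadata(sp_metadata_xml)
    findings = []
    stripped = requested.strip("'\" ")
    if stripped != requested:  # quotes or spaces copied into the configured SP entityID
        findings.append("requested entityID carries literal quotes/whitespace: %r" % requested)
    if stripped != published:
        findings.append("requested %r != published %r" % (stripped, published))
    if not findings:  # identical strings: the SP is simply not registered at the IdP
        findings.append("entityIDs match; check that this SP is registered on the IdP")
    return findings


if __name__ == "__main__":
    for line in diagnose(IDP_ERROR, SP_METADATA):
        print(line)
```

On the sample from the thread this reports a single finding: the entityID the IdP received is wrapped in literal single quotes, so it can never equal the unquoted value the SP publishes.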