Nextcloud with SAML and Azure Guest User

Hello all,

I installed UCS Server with Let's Encrypt and Nextcloud. Runs great so far. Even the connection to external storage, a Windows file server. Under my Debian installation that worked only partially: with some Windows servers it worked, with some not. Well.

The real problem is that I want to invite external users to our Azure AD as a guest, which works fine so far.
Also the SAML login works fine and the user is in his Nextcloud.
The account of a guest looks like this: vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com

As a username, this is what is in the Nextcloud.
vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com = user principal name

This is probably the problem.
Can’t Nextcloud handle the cryptic name?
I can’t delete it from the Nextcloud user management.
I get the message: “An error occurred during the request”.

Does anyone have a solution for this?

With normal Azure AD users it works fine.

Thanks a lot
Christian

Translated with www.DeepL.com/Translator (free version)

Hi,

you can open a shell:

univention-app shell nextcloud

and execute the following in /var/www/html

I would like to know what the user UID looks like with:

sudo -u www-data ./occ user:list -i

and whether there is an error when deleting with:

sudo -u www-data ./occ user:delete -vvv 'uid'

Thanks :slight_smile:

Hi,

The result of the occ list command:

vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com:
- user_id: vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com
- display_name: Testuser01
- email: vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com
- cloud_id: vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com@extern.domain.at/nextcloud
- enabled: true
- groups:
- quota: none
- last_seen: 2022-02-16T15:52:14+00:00
- user_directory: /var/lib/univention-appcenter/apps/nextcloud/data/nextcloud-data/vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com
- backend: user_saml

It is deletable with the occ command. No errors.

I think the path of the user_directory could be the problem. Maybe the two # are the problem. :roll_eyes:

Thanks.

Yes, at least Nextcloud says:

Internal Username:
The internal username is the identifier in Nextcloud for LDAP users. By default it will be created from the UUID attribute. The UUID attribute ensures that the username is unique, and that characters do not need to be converted. Only these characters are allowed: [a-zA-Z0-9_.@-]. Other characters are replaced with their ASCII equivalents, or are simply omitted.

And:

By default, the Nextcloud server creates the user directory in your Nextcloud data directory and gives it the Nextcloud username,

But this is Nextcloud… :wink:
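To make the quoted rule concrete, here is a small added example (not Nextcloud's own code, and only an approximation of how the server implements it): it maps characters to ASCII equivalents where one exists, drops anything outside the documented set [a-zA-Z0-9_.@-], and flags which characters of a given user principal name would be lost. The guest UPN is the one from this thread; the second sample UPN with an umlaut is constructed. It also shows the check an admin would want before renaming accounts: two distinct UPNs can collapse to the same internal name once the unwanted characters are stripped.

```python
import re
import unicodedata

# Character class quoted from the Nextcloud documentation on internal usernames.
ALLOWED = re.compile(r"[a-zA-Z0-9_.@-]")


def disallowed_characters(raw: str) -> list[str]:
    """Return the distinct characters of `raw` that the documented rule does not allow."""
    return sorted({ch for ch in raw if not ALLOWED.fullmatch(ch)})


def normalize_internal_username(raw: str) -> str:
    """Approximate the documented rule: replace characters with an ASCII
    equivalent where one exists (NFKD decomposition, combining marks dropped),
    then omit everything that is still outside [a-zA-Z0-9_.@-]."""
    ascii_form = (
        unicodedata.normalize("NFKD", raw)
        .encode("ascii", "ignore")
        .decode("ascii")
    )
    return "".join(ch for ch in ascii_form if ALLOWED.fullmatch(ch))


def find_collisions(upns: list[str]) -> dict[str, list[str]]:
    """Group UPNs whose normalized internal name is identical.
    Distinct identities that map to one internal name are an account-mixing risk,
    so check this before stripping characters from existing accounts."""
    groups: dict[str, list[str]] = {}
    for upn in upns:
        groups.setdefault(normalize_internal_username(upn), []).append(upn)
    return {name: members for name, members in groups.items() if len(members) > 1}


# Guest UPN as it appears in the thread.
GUEST_UPN = "vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com"
# Constructed sample with a non-ASCII character.
UMLAUT_UPN = "jürgen.müller@example.org"

if __name__ == "__main__":
    print("dropped:", disallowed_characters(GUEST_UPN))
    print("internal:", normalize_internal_username(GUEST_UPN))
    print("internal:", normalize_internal_username(UMLAUT_UPN))
    # Constructed pair: the '#' is the only thing keeping these two apart.
    print("collisions:", find_collisions(["ab@tenant.example", "a#b@tenant.example"]))
```

Running it shows that the only offending character in the guest UPN is "#" and that the ASCII form the rule would produce differs from the UPN, which is why the username and the directory name no longer line up.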

Thanks for the info and confirmation of my suspicion

Is it possible to change the name of the user directory and the path in the user config? Or is this not recommended?

But thanks for the info, now I know the reason. Maybe Nextcloud will change something there :thinking: or not :slightly_frowning_face:

Thanks

You are welcome :slight_smile:

I found this interesting topic regarding usernames; it might answer your question.

My personal opinion is “keep it simple”.

best regards

It is possible to change the “User principal name” in the Azure AD config. Simply select the user, then “Properties”, and remove the “#” or any other unwanted characters.
