Problem: Troubleshooting SAML with nextcloud

This article assumes you have configured Nextcloud with SAML as described in our blog post:

If you see this error message:

[Image: Nextcloud message 1]

the user is not activated for using Nextcloud with SAML. You have to add the service provider (SP) to the user in the UMC:

[Image: UMC activate SP]

Another kind of error you may encounter is this one:

[Image: Nextcloud message 2]

This message can have many different causes. The most common one is a certificate issue. For further information consult the Nextcloud log file:

root@real-member:/var/lib/univention-appcenter/apps/nextcloud/data/nextcloud-data# less nextcloud.log

To get the right certificate for the Nextcloud settings, fetch the identity provider metadata with curl on your server:

curl https://ucs-sso.schein.ig/simplesamlphp/saml2/idp/metadata.php

Please adjust the domain name to your domain. The certificate you need is the base64 block inside the X509Certificate element of the signing KeyDescriptor in that metadata.
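Picking the certificate out of the metadata by hand is error-prone (the base64 is wrapped over several lines, and the metadata carries an encryption key as well as the signing key). The following script is an added example, not code from the original article or from Univention or Nextcloud. It parses the metadata, keeps only the signing certificate(s), re-wraps them as PEM for the Nextcloud settings page and prints a SHA-256 fingerprint you can compare against `openssl x509 -in cert.pem -noout -fingerprint -sha256`. The file name `idp_cert.py`, the sample metadata and its certificate bytes are all constructed placeholders; a real metadata.php response contains a real X.509 certificate in the same place.

```python
"""Extract the IdP signing certificate from SimpleSAMLphp SAML metadata.

Added example, not part of the original article. Pipe the curl output into it:

    curl -s https://ucs-sso.schein.ig/simplesamlphp/saml2/idp/metadata.php | python3 idp_cert.py

Run without a pipe, it processes the constructed SAMPLE_METADATA below, whose
certificate bytes are a placeholder, not a real X.509 certificate.
"""
import base64
import hashlib
import sys
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def signing_certs(metadata_xml: str) -> list[str]:
    """Return the raw base64 (DER) of every IdP signing certificate.

    SimpleSAMLphp emits KeyDescriptor elements with use="signing" and
    use="encryption"; a KeyDescriptor without a use attribute applies to
    both. Nextcloud's user_saml certificate setting wants the signing one,
    so encryption-only keys are skipped.
    """
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            # metadata.php wraps and indents the base64; strip all whitespace
            certs.append("".join((cert.text or "").split()))
    return certs


def der_bytes(b64: str) -> bytes:
    """Decode the base64 from the metadata into the DER-encoded certificate."""
    return base64.b64decode(b64, validate=True)


def to_pem(b64: str) -> str:
    """Re-wrap raw base64 into the PEM form the Nextcloud settings page accepts."""
    body = "\n".join(textwrap.wrap(b64, 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def sha256_fingerprint(b64: str) -> str:
    """SHA-256 over the DER bytes, in the colon-separated form openssl prints."""
    digest = hashlib.sha256(der_bytes(b64)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample in the shape SimpleSAMLphp metadata.php returns.
SAMPLE_DER = b"constructed placeholder, not a real DER-encoded certificate " * 2
_B64_WRAPPED = "\n        ".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 64))
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://ucs-sso.example.com/simplesamlphp/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_B64_WRAPPED}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{base64.b64encode(b'second placeholder, encryption use').decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://ucs-sso.example.com/simplesamlphp/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def main() -> int:
    xml_text = SAMPLE_METADATA if sys.stdin.isatty() else sys.stdin.read()
    certs = signing_certs(xml_text)
    if not certs:
        print("no signing certificate found in IDPSSODescriptor", file=sys.stderr)
        return 1
    for b64 in certs:
        print(to_pem(b64), end="")
        print("# SHA256 fingerprint:", sha256_fingerprint(b64))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Paste the PEM block into the Nextcloud SAML certificate field; if login still fails with the second error message, compare the printed fingerprint with the one of the certificate actually stored in Nextcloud. A mismatch after the IdP certificate was renewed is exactly the "most common error" above.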

Small stumbling blocks in the Nextcloud settings

[Image: Nextcloud message 3]

The settings in the UMC should look like this.

If the Nextcloud app is installed on another server, you need this FQDN for the identity provider here:

[Image: UMC for Nextcloud]
[Image: UMC for Nextcloud 2]

Please keep in mind that the checkbox "Allow transmission of LDAP attributes to the service provider" in the "Extended Settings" category has to be set, even if you define no additional LDAP attributes to be transmitted. UCS transfers the uid attribute to the Nextcloud app on every single login, which is why this checkbox is mandatory.