SSO/SAML nextcloud errors

andreaussi · March 6, 2019, 12:26pm

Hi, I’m tryng to configure saml+nextcloud. I’ ve followed https://www.univention.com/blog-en/2019/02/how-to-single-sign-on-for-nextcloud/

My config si:
ucs-sso.domain.loc MASTER
ucs-775.domain.loc Slave with Nextcloud

Errors:
https://ucs-sso.domain.loc/univention/saml/

Internal server error.
The server encountered an unexpected condition which prevented it from fulfilling the request.
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line 670, in respond
    response.body = self.handler()
  File "/usr/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line 217, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cpdispatch.py", line 61, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/sbin/univention-management-console-web-server", line 1184, in index
    return acs(binding, message, relay_state)
  File "/usr/sbin/univention-management-console-web-server", line 1195, in attribute_consuming_service
    saml = SAMLUser(response, message)
  File "/usr/sbin/univention-management-console-web-server", line 421, in __init__
    self.username = ''.join(self.data['uid'])
KeyError: 'uid'

Nextcloud login:
SimpleSAML_Error_MetadataNotFound: METADATANOTFOUND(’%ENTITYID%’ => ‘‘https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/metadata’’)

Backtrace:
3 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:305 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
2 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:325 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
1 /usr/share/simplesamlphp/modules/saml/lib/IdP/SAML2.php:303 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
0 /usr/share/simplesamlphp/www/saml2/idp/SSOService.php:19 (N/A)

How can i fix?
Regards

andreaussi · March 14, 2019, 8:54am

I’ve upgrade to 4.4, now only white screen.
No error messages

Where can I se saml log?

jolentes · March 15, 2019, 10:52am

Hi @andreaussi,
saml logfile should be at /var/log/simplesamlphp.
BR,
Jörn

andreaussi · March 15, 2019, 11:15am

Hi @jolentes , my /var/log/simplesamlphp is empty

jolentes · March 15, 2019, 11:30am

Check what the logging.handler is in /etc/simplesamlphp/config.php.
If it is syslog you find the log messages in /var/log/syslog and /var/log/debug.
You can change the log level also in the config.

andreaussi · March 15, 2019, 3:12pm

@jolentes
/etc/simplesamlphp/config.php

    'debug'         => true,
    'logging.level'         => SimpleSAML_Logger::DEBUG,
    'loggingdir'            => '/var/log/simplesamlphp/',
    'logging.handler'       => '/var/log/simplesamlphp/simplesamlphp.log',
    'logging.logfile'               => 'simplesamlphp.log',

but /var/log/simplesamlphp empty

find / -name simplesamlphp.log —> o records

jolentes · March 18, 2019, 3:10pm

That does not seam to be right. Check the simplesamlphp documentation for the correct values, but it should be something like ‘syslog’ or ‘file’.

BR,
Jörn

andreaussi · March 21, 2019, 3:56pm

Hi @jolentes, this is simplesamlphp.log output:

" IssueInstant="2019-03-21T15:53:42Z" Destination="https://ucs-sso.domain.loc/simplesamlphp/saml2/idp/SSOService.php" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/acs">
Mar 21 16:53:43 simplesamlphp DEBUG [2e899d47ee]   <saml:Issuer>https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/metadata</saml:Issuer>
Mar 21 16:53:43 simplesamlphp DEBUG [2e899d47ee]   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/>
Mar 21 16:53:43 simplesamlphp DEBUG [2e899d47ee] </samlp:AuthnRequest>
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] SimpleSAML_Error_MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => '\'https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/metadata\'')
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] Backtrace:
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] 3 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:305 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] 2 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:325 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] 1 /usr/share/simplesamlphp/modules/saml/lib/IdP/SAML2.php:303 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] 0 /usr/share/simplesamlphp/www/saml2/idp/SSOService.php:19 (N/A)
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] Error report with id 27d7d2f1 generated.
Mar 21 16:53:43 simplesamlphp DEBUG [2e899d47ee] loading key simpleSAMLphp.session.19a43b90e69e70dd10f82fa2967037e3 from memcache

jolentes · March 21, 2019, 5:22pm

What is the name of the Service Provider you created in UCS for Nextcloud? That must match exactly the string it is complaining about in the METADATANOTFOUND error message.

andreaussi · March 22, 2019, 7:16am

@jolentes this is my config: Schermata%20del%202019-03-22%2008-13-45

jolentes · March 22, 2019, 9:02am

@andreaussi,
as I wrote: the strings must match:

The error message says it’s looking for: https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/metadata

If you did not create a SAML service provider with that name it won’t work.

andreaussi · March 22, 2019, 4:54pm

@jolentes, Yea Works fine with netxcloud.
Thank you
Next step is to build a php app with simplesamlphp

Regards