SSO/SAML nextcloud errors

Hi, I’m trying to configure saml+nextcloud. I’ve followed https://www.univention.com/blog-en/2019/02/how-to-single-sign-on-for-nextcloud/

My config is:
ucs-sso.domain.loc MASTER
ucs-775.domain.loc Slave with Nextcloud

Errors:
https://ucs-sso.domain.loc/univention/saml/

Internal server error.
The server encountered an unexpected condition which prevented it from fulfilling the request.
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cprequest.py", line 670, in respond
    response.body = self.handler()
  File "/usr/lib/python2.7/dist-packages/cherrypy/lib/encoding.py", line 217, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/cherrypy/_cpdispatch.py", line 61, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/sbin/univention-management-console-web-server", line 1184, in index
    return acs(binding, message, relay_state)
  File "/usr/sbin/univention-management-console-web-server", line 1195, in attribute_consuming_service
    saml = SAMLUser(response, message)
  File "/usr/sbin/univention-management-console-web-server", line 421, in __init__
    self.username = ''.join(self.data['uid'])
KeyError: 'uid'

Nextcloud login:
SimpleSAML_Error_MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => ''https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/metadata'')

Backtrace:
3 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:305 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
2 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:325 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
1 /usr/share/simplesamlphp/modules/saml/lib/IdP/SAML2.php:303 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
0 /usr/share/simplesamlphp/www/saml2/idp/SSOService.php:19 (N/A)

How can I fix this?
Regards

I’ve upgraded to 4.4, now only a white screen.
No error messages

Where can I see the SAML log?

Hi @andreaussi,
saml logfile should be at /var/log/simplesamlphp.
BR,
Jörn

Hi @jolentes, my /var/log/simplesamlphp is empty

Check what the logging.handler is in /etc/simplesamlphp/config.php.
If it is syslog you find the log messages in /var/log/syslog and /var/log/debug.
You can change the log level also in the config.

@jolentes
/etc/simplesamlphp/config.php

    'debug'         => true,
    'logging.level'         => SimpleSAML_Logger::DEBUG,
    'loggingdir'            => '/var/log/simplesamlphp/',
    'logging.handler'       => '/var/log/simplesamlphp/simplesamlphp.log',
    'logging.logfile'               => 'simplesamlphp.log',

but /var/log/simplesamlphp is empty

find / -name simplesamlphp.log --> 0 records

That does not seem to be right. Check the simplesamlphp documentation for the correct values, but it should be something like ‘syslog’ or ‘file’.

BR,
Jörn

Hi @jolentes, this is simplesamlphp.log output:

" IssueInstant="2019-03-21T15:53:42Z" Destination="https://ucs-sso.domain.loc/simplesamlphp/saml2/idp/SSOService.php" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/acs">
Mar 21 16:53:43 simplesamlphp DEBUG [2e899d47ee]   <saml:Issuer>https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/metadata</saml:Issuer>
Mar 21 16:53:43 simplesamlphp DEBUG [2e899d47ee]   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/>
Mar 21 16:53:43 simplesamlphp DEBUG [2e899d47ee] </samlp:AuthnRequest>
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] SimpleSAML_Error_MetadataNotFound: METADATANOTFOUND('%ENTITYID%' => '\'https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/metadata\'')
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] Backtrace:
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] 3 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:305 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaData)
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] 2 /usr/share/simplesamlphp/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php:325 (SimpleSAML_Metadata_MetaDataStorageHandler::getMetaDataConfig)
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] 1 /usr/share/simplesamlphp/modules/saml/lib/IdP/SAML2.php:303 (sspmod_saml_IdP_SAML2::receiveAuthnRequest)
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] 0 /usr/share/simplesamlphp/www/saml2/idp/SSOService.php:19 (N/A)
Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] Error report with id 27d7d2f1 generated.
Mar 21 16:53:43 simplesamlphp DEBUG [2e899d47ee] loading key simpleSAMLphp.session.19a43b90e69e70dd10f82fa2967037e3 from memcache

What is the name of the Service Provider you created in UCS for Nextcloud? That must match exactly the string it is complaining about in the METADATANOTFOUND error message.

@jolentes this is my config: [screenshot]

@andreaussi,
as I wrote: the strings must match:

The error message says it’s looking for: https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/metadata

If you did not create a SAML service provider with that name it won’t work.
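
The exact-match rule from the replies above, as an added example that is not part of the original thread: a Python script that pulls the requested entity ID out of SimpleSAMLphp `METADATANOTFOUND` lines and reports how each registered service provider identifier differs from it. The function names and `CONFIGURED_SPS` are assumptions, and the values in `CONFIGURED_SPS` are constructed.

```python
import re
from urllib.parse import urlsplit

# Entity ID inside a SimpleSAMLphp METADATANOTFOUND line; the inner quotes may
# be backslash-escaped (log file) or bare (browser error page).
NOT_FOUND = re.compile(r"METADATANOTFOUND\('%ENTITYID%' => '\\?'(?P<eid>[^'\\]+)\\?''\)")

# Log line copied from the thread above.
SAMPLE_LOG = [
    r"Mar 21 16:53:43 simplesamlphp ERROR [2e899d47ee] SimpleSAML_Error_MetadataNotFound: "
    r"METADATANOTFOUND('%ENTITYID%' => "
    r"'\'https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/metadata\'')",
]
# Constructed identifiers standing in for what is registered at the IdP (assumption).
CONFIGURED_SPS = [
    "https://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/metadata/",
    "http://ucs-7758.domain.loc/nextcloud/apps/user_saml/saml/metadata",
]

def requested_entity_ids(log_lines):
    """Return the entity IDs the IdP could not find, in order of first appearance."""
    seen = []
    for line in log_lines:
        m = NOT_FOUND.search(line)
        if m and m.group("eid") not in seen:
            seen.append(m.group("eid"))
    return seen

def explain_mismatch(requested, configured):
    """Describe the first difference between two identifiers (compared byte for byte)."""
    if requested == configured:
        return "exact match"
    r, c = urlsplit(requested), urlsplit(configured)
    if r.scheme != c.scheme:
        return f"scheme differs: configured {c.scheme}, requested {r.scheme}"
    if r.netloc != c.netloc:
        return f"host differs: configured {c.netloc}, requested {r.netloc}"
    if r.path != c.path:
        if r.path.rstrip("/") == c.path.rstrip("/"):
            return "trailing slash differs"
        return f"path differs: configured {c.path}, requested {r.path}"
    return "query or fragment differs"

def check(log_lines, configured_sps):
    """Map each requested entity ID to one explanation per configured identifier."""
    return {eid: [f"{sp}: {explain_mismatch(eid, sp)}" for sp in configured_sps]
            for eid in requested_entity_ids(log_lines)}

if __name__ == "__main__":
    for eid, notes in check(SAMPLE_LOG, CONFIGURED_SPS).items():
        print(eid, *notes, sep="\n  ")
```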

@jolentes, yes, it works fine with Nextcloud.
Thank you
Next step is to build a php app with simplesamlphp

Regards
