
Login dialog displayed after successful mtls auth

Open pboguslawski opened this issue 1 year ago • 2 comments

⚠️ Before posting ⚠️

  • [X] This is a bug, not a question or an enhancement.
  • [X] I've searched for similar issues and didn't find a duplicate.
  • [X] I've written a clear and descriptive title for this issue, not just "Bug" or "Crash".
  • [X] I agree to follow Nextcloud's Code of Conduct.

Steps to reproduce

  1. Use client cert to authenticate to nc.
  2. See dialog that asks for additional login (here example in Polish): image
  3. See mobile session present in web UI.

Expected behaviour

After successful authentication with a client certificate, the device should be authorized to use nc without any other confirmations, permissions, tokens, or passwords.

Actual behaviour

Login dialog is shown as above.

Android version

up to date

Device brand and model

Stock or custom OS?

Stock

Nextcloud android app version

4.6

Nextcloud server version

28.0.4

Using a reverse proxy?

Yes

Android logs

No response

Server error logs

No response

Additional information

No response

pboguslawski, May 10 '24 07:05

I'm not sure how I can read a user id from a client certificate. In my setup (see #12931) I would be happy to just get a client certificate checked correctly on the reverse proxy regardless of the user of the certificate.

Having the client certificate just to set a higher security level on the TLS connection would be enough.

ne20002, May 10 '24 16:05

> I'm not sure how I can read a user id from a client certificate.

TLS may be terminated on the reverse proxy or web server, and user_saml may provide the user id to nc from an environment variable (set by Apache, for example). There is no need to pass the user id from client to server separately. If the client must know the user id for something, it should query the nc API for it.

pboguslawski, May 10 '24 17:05
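
The arrangement described in the last comment, sketched as an Apache mod_ssl virtual host that terminates TLS and serves Nextcloud itself. This is an added example, not configuration from the issue or from the Nextcloud project; the host name, file paths and CA file are placeholders, and user_saml is assumed to be set up to take the user id from `REMOTE_USER`.

```apache
# Constructed example: every name and path below is a placeholder.
<VirtualHost *:443>
    ServerName cloud.example.org
    DocumentRoot /var/www/nextcloud

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # Trust anchor for client certificates. Use a CA dedicated to this
    # service, so that a certificate issued for something else is not
    # accepted as a login.
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt

    # "require" fails the TLS handshake when no valid client certificate
    # is presented. With "optional", requests without a certificate
    # still reach the application and carry no identity at all.
    SSLVerifyClient require
    SSLVerifyDepth  1

    # Derive the identity from the verified certificate: the subject CN
    # becomes REMOTE_USER, so the client never sends a user id itself.
    SSLUserName SSL_CLIENT_S_DN_CN

    # Export the SSL_CLIENT_* variables (subject DN, serial, verify
    # status) to the application for logging and further checks.
    <Directory /var/www/nextcloud>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
```

When TLS is terminated on a separate reverse proxy instead, an environment variable cannot cross to the backend, so the identity has to travel in a request header that the proxy overwrites on every request. The backend must then accept that header only on connections coming from the proxy.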