user_oidc 6.0.1 breaks login with Keycloak
A working integration with NC 29.0.4 and Keycloak broke after upgrade (internal server error). After some troubleshooting I isolated user_oidc 6.0.1 as a problem. Reverting to user_oidc 6.0.0 allows the login again.
The error comes from an attribute mapper:
```
"message": "OCA\\UserOIDC\\Event\\AttributeMappedEvent::__construct(): Argument #3 ($default) must be of type ?string, stdClass given, called in /var/www/html/custom_apps/user_oidc/lib/Service/ProvisioningService.php on line 254 in file '/var/www/html/custom_apps/user_oidc/lib/Event/AttributeMappedEvent.php' line 46",
```
https://github.com/nextcloud/user_oidc/blob/0358daff9c225667f7852d258af1a1f53e54194c/lib/Service/ProvisioningService.php#L248-L254
It seems to be the empty address attribute of type stdClass which breaks the login:
```json
"File": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
"Line": 170,
"Previous": {
  "Exception": "TypeError",
  "Message": "OCA\\UserOIDC\\Event\\AttributeMappedEvent::__construct(): Argument #3 ($default) must be of type ?string, stdClass given, called in /var/www/html/custom_apps/user_oidc/lib/Service/ProvisioningService.php on line 254",
  "Code": 0,
  "Trace": [
    {
      "file": "/var/www/html/custom_apps/user_oidc/lib/Service/ProvisioningService.php",
      "line": 254,
      "function": "__construct",
      "class": "OCA\\UserOIDC\\Event\\AttributeMappedEvent",
      "type": "->",
      "args": [
        "mappingAddress",
        [
          "stdClass",
          1726735401,
          1726735101,
          1725898916,
          "9e64af60-8ace-4e8b-9ff7-eca4769d2e14",
          "https://login.mydomain.tld/realms/mydomain.tld",
          "dev-nc.mydomain.tld",
          "32d7e91e-76ac-40f5-9dab-7b1524e9623e",
          "ID",
          "dev-nc.mydomain.tld",
          "DQULB180ZH60AC74FRFZEP42N8UQA0GA",
          "7790d504-f712-4a84-96a8-2115181a5b65",
          "wxx4lQtAG0zUEr1utUFiQg",
          "firstname",
          true,
          [
            "stdClass"
          ],
          [
            "stdClass",
            [
              "/admin"
            ]
          ],
          [
            "users"
          ],
          "firstname surname",
          "+41999888777",
          "firstname",
          "firstname",
          "surname",
          "[email protected]",
          [
            "admin"
          ]
        ],
        [
          "stdClass"
        ]
      ]
    },
```
user_oidc config
```
occ config:list user_oidc
```
```json
{
  "apps": {
    "user_oidc": {
      "provider-10-uniqueUid": "0",
      "provider-10-checkBearer": "0",
      "provider-10-bearerProvisioning": "0",
      "provider-10-providerBasedId": "0",
      "provider-10-groupProvisioning": "1",
      "provider-10-sendIdTokenHint": "1",
      "provider-10-mappingUid": "preferred_username",
      "provider-10-mappingGroups": "roles",
      "provider-10-mappingPhonenumber": "phone_number",
      "id4me_enabled": "0",
      "provider-7-jwksCache": "",
      "provider-7-jwksCacheTimestamp": "",
      "provider-10-jwksCache": "*** redacted ***",
      "allow_multiple_user_backends": "0",
      "provider-10-mappingDisplayName": "name",
      "provider-10-extraClaims": "",
      "provider-10-mappingEmail": "",
      "provider-10-mappingQuota": "",
      "provider-10-mappingAddress": "",
      "provider-10-mappingStreetaddress": "",
      "provider-10-mappingPostalcode": "",
      "provider-10-mappingLocality": "",
      "types": "authentication",
      "use_pkce": "true",
      "provider-10-mappingRegion": "",
      "provider-10-mappingCountry": "",
      "provider-10-mappingWebsite": "",
      "provider-10-mappingAvatar": "",
      "provider-10-mappingTwitter": "",
      "provider-10-mappingFediverse": "",
      "provider-10-mappingOrganisation": "",
      "provider-10-mappingRole": "",
      "provider-10-mappingHeadline": "",
      "provider-10-mappingBiography": "",
      "provider-10-mappingGender": "",
      "provider-10-jwksCacheTimestamp": "1726735101",
      "installed_version": "6.0.0",
      "enabled": "yes"
    }
  }
}
```
system report
## Server configuration detail
Operating system: Linux 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.106-3 (2024-08-26) x86_64
Webserver: Unknown (cli)
Database: pgsql PostgreSQL 15.8 (Debian 15.8-1.pgdg120+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
PHP version: 8.2.23
Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, ctype, curl, dom, fileinfo, filter, hash, iconv, json, mbstring, SPL, session, PDO, pdo_sqlite, standard, posix, random, readline, Reflection, Phar, SimpleXML, tokenizer, xml, xmlreader, xmlwriter, mysqlnd, apcu, bcmath, exif, ftp, gd, gmp, imagick, intl, ldap, memcached, pcntl, pdo_mysql, pdo_pgsql, redis, sodium, sysvsem, zip, Zend OPcache
Nextcloud version: 29.0.7 - 29.0.7.1
Updated from an older Nextcloud/ownCloud or fresh install:
Where did you install Nextcloud from: unknown
Signing status
[]
List of activated apps
Enabled:
- activity: 2.21.1
- admin_audit: 1.19.0
- bruteforcesettings: 2.9.0
- calendar: 4.7.16
- circles: 29.0.0-dev
- cloud_federation_api: 1.12.0
- comments: 1.19.0
- contacts: 6.0.0
- contactsinteraction: 1.10.0
- dashboard: 7.9.0
- dav: 1.30.1
- federatedfilesharing: 1.19.0
- federation: 1.19.0
- files: 2.1.1
- files_downloadlimit: 2.0.0
- files_external: 1.21.0
- files_pdfviewer: 2.10.0
- files_reminders: 1.2.0
- files_sharing: 1.21.0
- files_trashbin: 1.19.0
- files_versions: 1.22.0
- firstrunwizard: 2.18.0
- forms: 4.2.4
- groupfolders: 17.0.3
- logreader: 2.14.0
- lookup_server_connector: 1.17.0
- mail: 3.7.8
- nextcloud_announcements: 1.18.0
- notifications: 2.17.0
- notify_push: 0.7.0
- oauth2: 1.17.1
- password_policy: 1.19.0
- photos: 2.5.0
- privacy: 1.13.0
- provisioning_api: 1.19.0
- recommendations: 2.1.0
- related_resources: 1.4.0
- richdocuments: 8.4.6
- serverinfo: 1.19.0
- settings: 1.12.0
- sharebymail: 1.19.0
- spreed: 19.0.9
- support: 1.12.0
- survey_client: 1.17.0
- systemtags: 1.19.0
- text: 3.10.1
- theming: 2.4.0
- twofactor_backupcodes: 1.18.0
- twofactor_nextcloud_notification: 3.9.0
- twofactor_totp: 11.0.0-dev
- twofactor_webauthn: 1.4.0
- unroundedcorners: 1.1.3
- updatenotification: 1.19.1
- user_oidc: 6.0.0
- user_status: 1.9.0
- viewer: 2.3.0
- workflowengine: 2.11.0
Disabled:
- encryption
- suspicious_login: 4.2.0
- user_ldap
- weather_status: 1.3.0
Configuration (config/config.php)
{
"htaccess.RewriteBase": "\/",
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"overwritehost": "dev-nc.mydomain.tld",
"overwriteprotocol": "https",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"dev-nc.mydomain.tld"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "pgsql",
"version": "29.0.7.1",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"maintenance": false,
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"password": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"default_phone_region": "CH",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpsecure": "ssl",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"allow_local_remote_servers": true,
"trashbin_retention_obligation": "15, 180",
"app_install_overwrite": [
"suspicious_login"
],
"serverinfo": {
"token": "lmFaJ6JXR5e8wxCuyfSn"
},
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"remember_login_cookie_lifetime": "35",
"session_keepalive": "false",
"session_lifetime": "900",
"auto_logout": "true",
"overwrite.cli.url": "https:\/\/dev-nc.mydomain.tld",
"theme": "",
"session_relaxed_expiry": "false",
"updater.release.channel": "stable",
"enabledPreviewProviders": [
"OC\\Preview\\MP3",
"OC\\Preview\\TXT",
"OC\\Preview\\MarkDown",
"OC\\Preview\\OpenDocument",
"OC\\Preview\\Krita",
"OC\\Preview\\Imaginary"
],
"preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
"preview_concurrency_all": "12",
"preview_concurrency_new": "8",
"log_rotate_size": 52428800,
"log_rotate_size_audit": "52428800",
"loglevel": 0,
"maintenance_window_start": 1,
"upgrade.disable-web": "true",
"user_oidc": {
"use_pkce": true
}
}
Cron Configuration: Array ( [backgroundjobs_mode] => cron [lastcron] => 1726735800 )
External storages: yes
External storage configuration
No mounts configured
Encryption: no
User-backends:
- OCA\UserOIDC\User\Backend
- OC\User\Database
Talk configuration:
STUN servers
- no custom server configured
TURN servers
- turn:turn.mydomain.tld:3478 - udp,tcp
Signaling servers (mode: default):
- SIP dialin is disabled
- SIP dialout is disabled
- no custom server configured
Recording servers:
- Recording is enabled
- Recording consent is set to "default"
- no recording server configured
Browser: unknown
I can provide the full log over a confidential channel if required.
After tracking down the issue I confirm login is possible with user_oidc 6.0.1 if the user has address attributes (street, postal_code, locality, country) populated.
Thanks for reporting this issue with details! Could you try #948? More specifically this commit 7622bfd45ce83453868ab624865b3d661db8cb7e that you can safely apply manually to v6.0.1.
Yes, empty location works now!
It would be great if you could address the useless multiple commas if some attributes are empty, e.g.
I can open another issue if you prefer ;)
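
Added example, not code from user_oidc or from any participant in this thread: a sketch of normalizing a decoded claim to `?string` before it reaches a constructor typed like the `$default` argument in the TypeError, covering both the empty `address` object and the repeated-comma case raised above. `MappedEvent` and `claimToString()` are hypothetical names, the token payloads are constructed, and the address member names are those of the standard OpenID Connect `address` claim.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for an event whose third constructor argument is
// typed ?string, like the $default parameter named in the TypeError.
final class MappedEvent {
    public function __construct(
        public readonly string $attribute,
        public readonly object $claims,
        public readonly ?string $default = null,
    ) {}
}

/**
 * Hypothetical helper: reduce a decoded claim to ?string.
 * Strings and numbers are kept, an address object is flattened from its
 * non-empty members, everything else (including an empty object) is null.
 */
function claimToString(mixed $value): ?string {
    if (is_string($value)) {
        return trim($value) === '' ? null : $value;
    }
    if (is_int($value) || is_float($value)) {
        return (string)$value;
    }
    if ($value instanceof stdClass) {
        // Member names of the standard OpenID Connect address claim.
        $parts = [];
        foreach (['street_address', 'postal_code', 'locality', 'region', 'country'] as $key) {
            $part = $value->$key ?? null;
            if (is_string($part) && trim($part) !== '') {
                $parts[] = trim($part);
            }
        }
        // Joining only non-empty members avoids repeated ", " separators.
        return $parts === [] ? null : implode(', ', $parts);
    }
    return null; // arrays, booleans, null: nothing usable as a string
}

// Constructed ID token payloads: an empty address object and a partly filled one.
$empty   = json_decode('{"preferred_username":"firstname","address":{}}');
$partial = json_decode('{"address":{"street_address":"Main St 1","locality":"","country":"CH"}}');

foreach ([$empty, $partial] as $claims) {
    $event = new MappedEvent('mappingAddress', $claims, claimToString($claims->address ?? null));
    var_dump($event->default);
}
```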