user_saml
Disabling SAML provisioning prevents new LDAP users from logging in
Steps to reproduce
- Configure LDAP provisioning
- Configure SAML authentication
- Check "Only allow authentication if an account exists on some other backend. (e.g. LDAP)"
- Log in with SAML using an account that exists in LDAP but has never logged in to Nextcloud
Expected behaviour
Upon login, the user is found and automatically created in Nextcloud from the LDAP directory.
Actual behaviour
Nextcloud displays an "Account non provisioned" error for new users.
Users who have already logged in with the LDAP backend in the past can still log in successfully with SAML.
Server configuration
Operating system: Debian 10
Web server: Apache 2.4
Database: MariaDB 10.3
PHP version: PHP 7.3
Nextcloud version: 18.0.7
Where did you install Nextcloud from: From source (upgraded installation from Owncloud)
List of activated apps:
Enabled:
- accessibility: 1.4.0
- activity: 2.11.0
- admin_audit: 1.8.0
- announcementcenter: 3.7.0
- bruteforcesettings: 1.6.0
- cloud_federation_api: 1.1.0
- comments: 1.8.0
- dav: 1.14.0
- federatedfilesharing: 1.8.0
- files: 1.13.1
- files_pdfviewer: 1.7.0
- files_retention: 1.7.2
- files_rightclick: 0.15.2
- files_sharing: 1.10.1
- files_trashbin: 1.8.0
- files_versions: 1.11.0
- files_videoplayer: 1.7.0
- groupfolders: 6.0.6
- impersonate: 1.5.2
- logreader: 2.3.0
- lookup_server_connector: 1.6.0
- nextcloud_announcements: 1.7.0
- notifications: 2.6.0
- oauth2: 1.6.0
- password_policy: 1.8.0
- photos: 1.0.0
- privacy: 1.2.0
- provisioning_api: 1.8.0
- quota_warning: 1.7.0
- ransomware_protection: 1.6.1
- recommendations: 0.6.0
- serverinfo: 1.8.0
- settings: 1.0.0
- sharebymail: 1.8.0
- socialsharing_email: 2.1.0
- support: 1.1.1
- survey_client: 1.6.0
- systemtags: 1.8.0
- text: 2.0.0
- theming: 1.9.0
- twofactor_admin: 2.1.0
- twofactor_backupcodes: 1.7.0
- twofactor_email: 1.0.1
- twofactor_nextcloud_notification: 2.3.0
- twofactor_totp: 4.1.3
- twofactor_u2f: 5.1.0
- updatenotification: 1.8.0
- user_ldap: 1.8.0
- user_saml: 3.1.2
- viewer: 1.2.0
- workflowengine: 2.0.0
Disabled:
- encryption
- federation
- files_external
- firstrunwizard
Nextcloud configuration:
{
  "system": {
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
      "srvnextcloud",
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "overwrite.cli.url": "https:\/\/srvnextcloud\/",
    "htaccess.RewriteBase": "\/",
    "dbtype": "mysql",
    "version": "18.0.7.1",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "logtimezone": "CET",
    "installed": true,
    "ldapIgnoreNamingRules": false,
    "forcessl": true,
    "forceSSLforSubdomains": true,
    "mail_smtpmode": "smtp",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "25",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "maintenance": false,
    "loglevel": "3",
    "trashbin_retention_obligation": "1",
    "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
    "updater.secret": "***REMOVED SENSITIVE VALUE***",
    "mysql.utf8mb4": true
  }
}
Client configuration
N/A
Logs
Nextcloud log (data/owncloud.log)
{"reqId":"XNY461xwbTgbgHKu7bPP","level":4,"time":"2020-07-29T18:04:41+01:00","remoteAddr":"10.1.11.90","user":"testcloud","app":"user_saml","method":"POST","url":"/apps/user_saml/saml/acs","message":"Auto provisioning not allowed and user testcloud does not exist","userAgent":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36","version":"18.0.7.1"}
{"reqId":"vF6wbaxyveSnH8hhzpto","level":4,"time":"2020-07-29T18:06:01+01:00","remoteAddr":"10.1.11.90","user":"testcloud","app":"user_saml","method":"POST","url":"/apps/user_saml/saml/acs","message":"Auto provisioning not allowed and user testcloud does not exist","userAgent":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36","version":"18.0.7.1"}
Browser log
N/A
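Added example, not part of the original report and not user_saml code: a small triage script that reads Nextcloud JSON log lines and lists the user IDs rejected with the message shown in the log above, so an administrator can compare them against the LDAP directory. The function name and the sample entries are assumptions; the first two entries are trimmed copies of the lines in this report and the last two are constructed.

```python
import json
import re
from collections import defaultdict

# Message format taken from the user_saml log lines quoted in this report.
DENIED = re.compile(
    r"^Auto provisioning not allowed and user (?P<uid>.+) does not exist$"
)

# Sample input: two trimmed entries from the report, then two constructed
# lines (an unrelated app entry and a truncated line).
SAMPLE_LOG = [
    '{"reqId":"XNY461xwbTgbgHKu7bPP","level":4,"time":"2020-07-29T18:04:41+01:00","remoteAddr":"10.1.11.90","user":"testcloud","app":"user_saml","url":"/apps/user_saml/saml/acs","message":"Auto provisioning not allowed and user testcloud does not exist"}',
    '{"reqId":"vF6wbaxyveSnH8hhzpto","level":4,"time":"2020-07-29T18:06:01+01:00","remoteAddr":"10.1.11.90","user":"testcloud","app":"user_saml","url":"/apps/user_saml/saml/acs","message":"Auto provisioning not allowed and user testcloud does not exist"}',
    '{"reqId":"constructed-1","level":2,"time":"2020-07-29T18:07:00+01:00","remoteAddr":"10.1.11.90","user":"--","app":"core","message":"constructed unrelated entry"}',
    '{"reqId":"constructed-2","level":4,"app":"user_saml","mess',
]


def rejected_saml_logins(lines):
    """Return {uid: [(time, remoteAddr), ...]} for refused SAML logins."""
    hits = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if not isinstance(entry, dict) or entry.get("app") != "user_saml":
            continue
        # "message" is not always a plain string, so coerce before matching.
        match = DENIED.match(str(entry.get("message", "")))
        if match:
            hits[match.group("uid")].append(
                (entry.get("time"), entry.get("remoteAddr"))
            )
    return dict(hits)


if __name__ == "__main__":
    for uid, events in rejected_saml_logins(SAMPLE_LOG).items():
        print(f"{uid}: {len(events)} rejected login(s), first at {events[0][0]}")
```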