
SAML to MS Azure does not work with version 5.0.2

Open solracsf opened this issue 2 years ago • 2 comments

I can also confirm that the login by SAML to MS Azure does not work with version 5.0.2 (NC = 24.0.2). Here is the log output which occurs when I try it:

{
  "reqId": "h9UXc9Ah3BCbjwhP3BE3",
  "level": 3,
  "time": "2022-06-23T12:13:20+02:00",
  "remoteAddr": "192.168.1.1",
  "user": "--",
  "app": "index",
  "method": "GET",
  "url": "/apps/user_saml/saml/login?originalUrl=&requesttoken=****token-removed****&idp=2",
  "message": "Invalid array settings: idp_entityId_not_found, idp_sso_not_found, idp_cert_or_fingerprint_not_found_and_required",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0",
  "version": "24.0.2.1",
  "exception": {
    "Exception": "OneLogin\\Saml2\\Error",
    "Message": "Invalid array settings: idp_entityId_not_found, idp_sso_not_found, idp_cert_or_fingerprint_not_found_and_required",
    "Code": 2,
    "Trace": [
      {
        "file": "/var/www/nextcloud/apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Auth.php",
        "line": 177,
        "function": "__construct",
        "class": "OneLogin\\Saml2\\Settings",
        "type": "->",
        "args": [
          [
            true,
            false,
            "https://nextcloud-test.domain.local/apps/user_saml/saml",
            [
              false,
              false,
              false,
              false,
              false,
              "And 9 more entries, set log level to debug to see all entries"
            ],
            [
              "https://nextcloud-test.domain.local/apps/user_saml/saml/metadata",
              [
                "https://nextcloud-test.domain.local/apps/user_saml/saml/acs"
              ],
              "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
              "",
              ""
            ],
            "And 1 more entries, set log level to debug to see all entries"
          ]
        ]
      },
      {
        "file": "/var/www/nextcloud/apps/user_saml/lib/Controller/SAMLController.php",
        "line": 174,
        "function": "__construct",
        "class": "OneLogin\\Saml2\\Auth",
        "type": "->",
        "args": [
          [
            true,
            false,
            "https://nextcloud-test.domain.local/apps/user_saml/saml",
            [
              false,
              false,
              false,
              false,
              false,
              "And 9 more entries, set log level to debug to see all entries"
            ],
            [
              "https://nextcloud-test.domain.local/apps/user_saml/saml/metadata",
              [
                "https://nextcloud-test.domain.local/apps/user_saml/saml/acs"
              ],
              "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
              "",
              ""
            ],
            "And 1 more entries, set log level to debug to see all entries"
          ]
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 225,
        "function": "login",
        "class": "OCA\\User_SAML\\Controller\\SAMLController",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 133,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->",
        "args": [
          {
            "__class__": "OCA\\User_SAML\\Controller\\SAMLController"
          },
          "login"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
        "line": 172,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->",
        "args": [
          {
            "__class__": "OCA\\User_SAML\\Controller\\SAMLController"
          },
          "login"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Route/Router.php",
        "line": 298,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::",
        "args": [
          "OCA\\User_SAML\\Controller\\SAMLController",
          "login",
          {
            "__class__": "OC\\AppFramework\\DependencyInjection\\DIContainer"
          },
          [
            "*** sensitive parameters replaced ***",
            "user_saml.SAML.login"
          ]
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 1023,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->",
        "args": [
          "/apps/user_saml/saml/login"
        ]
      },
      {
        "file": "/var/www/nextcloud/index.php",
        "line": 36,
        "function": "handleRequest",
        "class": "OC",
        "type": "::",
        "args": []
      }
    ],
    "File": "/var/www/nextcloud/apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Settings.php",
    "Line": 141,
    "CustomMessage": "--"
  }
}

Downgrading to 5.0.1 helps.

Originally posted by @brunt82 in https://github.com/nextcloud/user_saml/issues/630#issuecomment-1164252723

solracsf • Jul 16 '22 15:07

@brunt82 can you test if https://github.com/nextcloud/user_saml/pull/647 fixes this issue? Thanks.

solracsf • Aug 28 '22 17:08

No, it didn't fix it. I have a single IdP and I have the same error as https://github.com/nextcloud/user_saml/issues/300

Mte90 • Sep 07 '22 09:09
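
For triaging the log entry in the opening post, the following added example (not code from this thread or from the user_saml project) scans Nextcloud JSON log lines for user_saml requests rejected with "Invalid array settings" and reports the `idp` id each request asked for next to the IdP fields that were empty. It assumes one JSON object per log line; the function name, the token descriptions and the sample lines are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

PREFIX = "Invalid array settings: "
# Tokens from the log entry in the opening post; descriptions are this example's reading.
IDP_TOKENS = {
    "idp_entityId_not_found": "IdP entity ID is empty",
    "idp_sso_not_found": "IdP single sign-on URL is empty",
    "idp_cert_or_fingerprint_not_found_and_required": "no IdP certificate or fingerprint",
}

def triage(lines):
    """Return one finding per user_saml request that failed settings validation."""
    findings = []
    for raw in lines:
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(entry, dict):
            continue
        url, msg = str(entry.get("url", "")), str(entry.get("message", ""))
        if "/apps/user_saml/" not in url or not msg.startswith(PREFIX):
            continue
        missing = [t.strip() for t in msg[len(PREFIX):].split(",")]
        query = parse_qs(urlsplit(url).query)
        findings.append({
            "reqId": entry.get("reqId"),
            "time": entry.get("time"),
            "idp": query.get("idp", [None])[0],  # provider id the login request asked for
            "missing": missing,
            "hints": [IDP_TOKENS.get(t, "unrecognised token") for t in missing],
            # True when every IdP field was empty at once, not just one mistyped value
            "whole_idp_block_empty": set(IDP_TOKENS) <= set(missing),
        })
    return findings

# Constructed sample: line 1 reuses fields from the opening post's log entry,
# line 2 is an unrelated entry, line 3 is a damaged line.
SAMPLE_LOG = [
    json.dumps({"reqId": "h9UXc9Ah3BCbjwhP3BE3", "time": "2022-06-23T12:13:20+02:00",
                "url": "/apps/user_saml/saml/login?originalUrl=&requesttoken=x&idp=2",
                "message": PREFIX + ", ".join(IDP_TOKENS)}),
    json.dumps({"reqId": "constructed-2", "url": "/index.php/login", "message": "Login failed"}),
    '{"reqId": "constructed-3", "level": 3, "url": "/apps/user_sa',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(json.dumps(finding, indent=2))
```

A finding with `whole_idp_block_empty` set means all three IdP fields were empty for the requested `idp` id, which is worth comparing against the provider ids actually configured in the app.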