Steps to reproduce
- Install a fresh NC 17.0.0
- Install and enable SSO & SAML App
- Fill out the config for SSO & SAML login and enable “allow multiple user back-ends” (general-allow_multiple_user_back_ends)
- Go to the login page and click the “direct log in” button (it takes me to “login?redirect_url=&direct=1”)
- Try to log in with a local user
Expected behaviour
Successful login
Actual behaviour
No login. I am redirected back to the initial login page “index.php/apps/user_saml/saml/selectUserBackEnd?redirectUrl=”
Server configuration
Operating system:
RHEV 7
Web server:
Apache 2.4.6-89.el7_6
Database:
Mysql
PHP version:
php72-php.x86_64
Nextcloud version: (see Nextcloud admin page)
17.0.0
Updated from an older Nextcloud/ownCloud or fresh install:
Fresh install
Where did you install Nextcloud from:
Nextcloud webpage
Signing status:
Signing status
No errors have been found.
Nextcloud configuration:
Config report
[root@xfzishare01 public_html]# sudo -u apache php72 occ config:list
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"share.bl.ch",
"xfzishare01.bl.ch"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "17.0.0.9",
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"debug": true,
"loglevel": 0,
"log_type": "file",
"log_rotate_size": 104857600,
"overwriteprotocol": "https",
"default_locale": "de_CH",
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"memcache.local": "\\OC\\Memcache\\APCu",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"proxy": "faiintproxy.bl.ch:8088",
"proxyuserpwd": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "25",
"app_install_overwrite": [
"theming_customcss"
],
"maintenance": false,
"overwrite.cli.url": "https:\/\/share.bl.ch"
},
"apps": {
"accessibility": {
"enabled": "yes",
"installed_version": "1.3.0",
"types": ""
},
"activity": {
"enabled": "yes",
"installed_version": "2.10.1",
"types": "filesystem"
},
"backgroundjob": {
"lastjob": "16"
},
"cloud_federation_api": {
"enabled": "yes",
"installed_version": "1.0.0",
"types": "filesystem"
},
"comments": {
"enabled": "yes",
"installed_version": "1.7.0",
"types": "logging"
},
"core": {
"installedat": "1570424757.9645",
"lastcron": "1570614675",
"lastupdateResult": "[]",
"lastupdatedat": "1570614014",
"oc.integritycheck.checker": "[]",
"public_files": "files_sharing\/public.php",
"public_webdav": "dav\/appinfo\/v1\/publicwebdav.php",
"shareapi_enforce_links_password": "yes",
"theming.variables": "322c9e01d7f7832ab74dd2dba23f7807",
"vendor": "nextcloud"
},
"dav": {
"enabled": "yes",
"installed_version": "1.13.0",
"types": "filesystem"
},
"federatedfilesharing": {
"enabled": "yes",
"installed_version": "1.7.0",
"types": ""
},
"federation": {
"autoAddServers": "1",
"enabled": "yes",
"installed_version": "1.7.0",
"types": "authentication"
},
"files": {
"cronjob_scan_files": "500",
"enabled": "yes",
"installed_version": "1.12.0",
"types": "filesystem"
},
"files_pdfviewer": {
"enabled": "yes",
"installed_version": "1.6.0",
"types": ""
},
"files_rightclick": {
"enabled": "yes",
"installed_version": "0.15.1",
"types": ""
},
"files_sharing": {
"enabled": "yes",
"installed_version": "1.9.0",
"types": "filesystem"
},
"files_trashbin": {
"enabled": "yes",
"installed_version": "1.7.0",
"types": "filesystem,dav"
},
"files_versions": {
"enabled": "yes",
"installed_version": "1.10.0",
"types": "filesystem,dav"
},
"files_videoplayer": {
"enabled": "yes",
"installed_version": "1.6.0",
"types": ""
},
"firstrunwizard": {
"enabled": "yes",
"installed_version": "2.6.0",
"types": "logging"
},
"gallery": {
"enabled": "yes",
"installed_version": "18.4.0",
"types": ""
},
"guests": {
"allow_external_storage": "true",
"enabled": "yes",
"hide_users": "true",
"installed_version": "1.3.1",
"types": "authentication",
"usewhitelist": "true",
"whitelist": "files_trashbin,files_versions,files_sharing,files_texteditor,activity,firstrunwizard,gallery,notifications"
},
"logreader": {
"enabled": "yes",
"installed_version": "2.2.0",
"types": ""
},
"lookup_server_connector": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": "authentication"
},
"nextcloud_announcements": {
"enabled": "yes",
"installed_version": "1.6.0",
"pub_date": "Mon, 02 Sep 2019 00:00:00 +0200",
"types": "logging"
},
"notifications": {
"enabled": "yes",
"installed_version": "2.5.0",
"types": "logging"
},
"oauth2": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": "authentication"
},
"password_policy": {
"enabled": "yes",
"installed_version": "1.7.0",
"types": ""
},
"privacy": {
"enabled": "yes",
"installed_version": "1.1.0",
"types": ""
},
"provisioning_api": {
"enabled": "yes",
"installed_version": "1.7.0",
"types": "prevent_group_restriction"
},
"ransomware_protection": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": "logging"
},
"recommendations": {
"enabled": "yes",
"installed_version": "0.5.0",
"types": ""
},
"serverinfo": {
"enabled": "yes",
"installed_version": "1.7.0",
"types": ""
},
"sharebymail": {
"enabled": "yes",
"enforcePasswordProtection": "yes",
"installed_version": "1.7.0",
"types": "filesystem"
},
"support": {
"enabled": "yes",
"installed_version": "1.0.1",
"types": "session"
},
"survey_client": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": ""
},
"systemtags": {
"enabled": "yes",
"installed_version": "1.7.0",
"types": "logging"
},
"text": {
"enabled": "yes",
"installed_version": "1.1.0",
"types": ""
},
"theming": {
"backgroundMime": "backgroundColor",
"cachebuster": "21",
"color": "#FF0004",
"enabled": "yes",
"faviconMime": "image\/png",
"installed_version": "1.8.0",
"logoMime": "image\/jpeg",
"logoheaderMime": "image\/jpeg",
"name": "",
"slogan": "***REMOVED SENSITIVE VALUE***",
"types": "logging",
"url": "***REMOVED SENSITIVE VALUE***"
},
"theming_customcss": {
"cachebuster": "1570459031134",
"customcss": ".lost-password-container #lost-password{color: #FF0004}\n.lost-password-container #lost-password-back{color: #FF0004}\n\n.entity-name{text-color: #FF0004}\n#nextcloud{background-color: #FFFFFF}\n#body-login{background-color: #FFFFFF}\n\n#direct{visibility: hidden;}",
"enabled": "yes",
"installed_version": "1.3.0",
"types": ""
},
"twofactor_backupcodes": {
"enabled": "yes",
"installed_version": "1.6.0",
"types": ""
},
"updatenotification": {
"enabled": "yes",
"installed_version": "1.7.0",
"types": "",
"update_check_errors": "0"
},
"user_saml": {
"enabled": "yes",
"general-allow_multiple_user_back_ends": "1",
"general-idp0_display_name": "Anmelden",
"general-uid_mapping": "sAMAccountName",
"idp-entityId": "http:\/\/adfs.bl.ch\/adfs\/services\/trust",
"idp-singleLogoutService.url": "https:\/\/adfs.bl.ch\/adfs\/ls",
"idp-singleSignOnService.url": "https:\/\/adfs.bl.ch\/adfs\/ls\/idpinitiatedsignon.aspx",
"idp-x509cert": "***REMOVED SENSITIVE VALUE***",
"installed_version": "2.4.0",
"saml-attribute-mapping-displayName_mapping": "http:\/\/schemas.xmlsoap.org\/claims\/CommonName",
"saml-attribute-mapping-email_mapping": "http:\/\/schemas.xmlsoap.org\/ws\/2005\/05\/identity\/claims\/emailaddress",
"security-logoutRequestSigned": "1",
"security-logoutResponseSigned": "1",
"security-wantAssertionsSigned": "1",
"sp-name-id-format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
"sp-privateKey": "***REMOVED SENSITIVE VALUE***",
"sp-x509cert": "***REMOVED SENSITIVE VALUE***",
"type": "saml",
"types": "authentication"
},
"viewer": {
"enabled": "yes",
"installed_version": "1.1.0",
"types": ""
},
"workflowengine": {
"enabled": "yes",
"installed_version": "1.7.0",
"types": "filesystem"
}
}
Are you using encryption: yes
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
Logs
Web server error log
Web server error log
==> …/log/share_bl_ch-ssl_access_ssl.log <==
10.12.95.46 - - [09/Oct/2019:13:00:45 +0200] “POST /index.php/login HTTP/1.1” 302 - “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0”
10.12.95.46 - - [09/Oct/2019:13:00:45 +0200] “GET /index.php/apps/user_saml/saml/selectUserBackEnd?redirectUrl= HTTP/1.1” 200 12144 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0”