Getting "Account not provisioned. Your account is not provisioned, access to this service is thus not possible" during SAML auth in Nextcloud

Dear all,

I am facing some issues while authenticating Nextcloud with Keycloak SAML.

Error in GUI:
Account not provisioned.
Your account is not provisioned, access to this service is thus not possible.

Error in Backend:
{“reqId”:“QNLUBTl4VhpKjmFy8mP4”,“level”:3,“time”:“July 17, 2023 09:15:07”,“remoteAddr”:“172.20.16.152”,“user”:“–”,“app”:“PHP”,“method”:“POST”,“url”:“/index.php/apps/user_saml/saml/acs”,“message”:“openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate! at /data/nextcloud/apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php#365”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36”,“version”:“22.2.3.0”,“exception”:{“Exception”:“Error”,“Message”:“openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate! at /data/nextcloud/apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php#365”,“Code”:0,“Trace”:[{“function”:“onError”,“class”:“OC\Log\ErrorHandler”,“type”:“::”,“args”:[2,“openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate!”,“/data/nextcloud/apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php”,365,{“key”:“-----BEGIN CERTIFICATE-----\n----BEGINCERTIFICATE----GxsHX-NSQERvLVXSJNcLVylt_G3106oXh3sOiMKq\n0lE\t----ENDCERITIFICATE----\n-----END CERTIFICATE-----\n”,“isFile”:false,“isCert”:true}]},{“file”:“/data/nextcloud/apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php”,“line”:365,“function”:“openssl_x509_read”,“args”:[“-----BEGIN CERTIFICATE-----\n----BEGINCERTIFICATE----GxsHX-NSQERvLVXSJNcLVylt_G3106oXh3sOiMKq\n0lE\t----ENDCERITIFICATE----\n-----END CERTIFICATE-----\n”]},{“file”:“/data/nextcloud/apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Utils.php”,“line”:1501,“function”:“loadKey”,“class”:“RobRichards\XMLSecLibs\XMLSecurityKey”,“type”:“->”,“args”:[“-----BEGIN CERTIFICATE-----\n----BEGINCERTIFICATE----GxsHX-NSQERvLVXSJNcLVylt_G3106oXh3sOiMKq\n0lE\t----ENDCERITIFICATE----\n-----END 
CERTIFICATE-----\n”,false,true]},{“file”:“/data/nextcloud/apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Response.php”,“line”:431,“function”:“validateSign”,“class”:“OneLogin\Saml2\Utils”,“type”:“::”,“args”:[{“class”:“DOMDocument”},“-----BEGIN CERTIFICATE-----\n----BEGINCERTIFICATE----GxsHX-NSQERvLVXSJNcLVylt_G3106oXh3sOiMKq\n0lE\t----ENDCERITIFICATE----\n-----END CERTIFICATE-----\n”,“”,“sha1”,“/samlp:Response/ds:Signature”,[“-----BEGIN CERTIFICATE-----\n----BEGINCERTIFICATE----GxsHX-NSQERvLVXSJNcLVylt_G3106oXh3sOiMKq\n0lE\t----ENDCERITIFICATE----\n-----END CERTIFICATE-----\n”]]},{“file”:“/data/nextcloud/apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Auth.php”,“line”:238,“function”:“isValid”,“class”:“OneLogin\Saml2\Response”,“type”:“->”,“args”:[“ONELOGIN_fb32e1d67eb5a37d07454ab4103e69f85c74be65”]},{“file”:“/data/nextcloud/apps/user_saml/lib/Controller/SAMLController.php”,“line”:353,“function”:“processResponse”,“class”:“OneLogin\Saml2\Auth”,“type”:“->”,“args”:[“ONELOGIN_fb32e1d67eb5a37d07454ab4103e69f85c74be65”]},{“file”:“/data/nextcloud/lib/private/AppFramework/Http/Dispatcher.php”,“line”:217,“function”:“assertionConsumerService”,“class”:“OCA\User_SAML\Controller\SAMLController”,“type”:“->”,“args”:[]},{“file”:“/data/nextcloud/lib/private/AppFramework/Http/Dispatcher.php”,“line”:126,“function”:“executeController”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:“->”,“args”:[{“class”:“OCA\User_SAML\Controller\SAMLController”},“assertionConsumerService”]},{“file”:“/data/nextcloud/lib/private/AppFramework/App.php”,“line”:156,“function”:“dispatch”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:“->”,“args”:[{“class”:“OCA\User_SAML\Controller\SAMLController”},“assertionConsumerService”]},{“file”:“/data/nextcloud/lib/private/Route/Router.php”,“line”:302,“function”:“main”,“class”:“OC\AppFramework\App”,“type”:“::”,“args”:[“OCA\User_SAML\Controller\SAMLController”,“assertionConsumerService”,{“class”:“OC\AppFramework\DependencyInjection\DIContainer”},{“
_route”:“user_saml.SAML.assertionConsumerService”}]},{“file”:“/data/nextcloud/lib/base.php”,“line”:1006,“function”:“match”,“class”:“OC\Route\Router”,“type”:“->”,“args”:[“/apps/user_saml/saml/acs”]},{“file”:“/data/nextcloud/index.php”,“line”:36,“function”:“handleRequest”,“class”:“OC”,“type”:“::”,“args”:[]}],“File”:“/data/nextcloud/lib/private/Log/ErrorHandler.php”,“Line”:92,“CustomMessage”:“–”}}
{“reqId”:“QNLUBTl4VhpKjmFy8mP4”,“level”:3,“time”:“July 17, 2023 09:15:07”,“remoteAddr”:“172.20.16.152”,“user”:“–”,“app”:“PHP”,“method”:“POST”,“url”:“/index.php/apps/user_saml/saml/acs”,“message”:“openssl_x509_export(): cannot get cert from parameter 1 at /data/nextcloud/apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php#366”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36”,“version”:“22.2.3.0”,“exception”:{“Exception”:“Error”,“Message”:“openssl_x509_export(): cannot get cert from parameter 1 at /data/nextcloud/apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php#366”,“Code”:0,“Trace”:[{“function”:“onError”,“class”:“OC\Log\ErrorHandler”,“type”:“::”,“args”:[2,“openssl_x509_export(): cannot get cert from parameter 1”,“/data/nextcloud/apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php”,366,{“key”:“-----BEGIN CERTIFICATE-----\n----BEGINCERTIFICATE----GxsHX-NSQERvLVXSJNcLVylt_G3106oXh3sOiMKq\n0lE\t----ENDCERITIFICATE----\n-----END CERTIFICATE-----\n”,“isFile”:false,“isCert”:true,“str_cert”:null}]},{“file”:“/data/nextcloud/apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php”,“line”:366,“function”:“openssl_x509_export”,“args”:[false,null]},{“file”:“/data/nextcloud/apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Utils.php”,“line”:1501,“function”:“loadKey”,“class”:“RobRichards\XMLSecLibs\XMLSecurityKey”,“type”:“->”,“args”:[“-----BEGIN CERTIFICATE-----\n----BEGINCERTIFICATE----GxsHX-NSQERvLVXSJNcLVylt_G3106oXh3sOiMKq\n0lE\t----ENDCERITIFICATE----\n-----END CERTIFICATE-----\n”,false,true]},{“file”:“/data/nextcloud/apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Response.php”,“line”:431,“function”:“validateSign”,“class”:“OneLogin\Saml2\Utils”,“type”:“::”,“args”:[{“class”:“DOMDocument”},“-----BEGIN 
CERTIFICATE-----\n----BEGINCERTIFICATE----GxsHX-NSQERvLVXSJNcLVylt_G3106oXh3sOiMKq\n0lE\t----ENDCERITIFICATE----\n-----END CERTIFICATE-----\n”,“”,“sha1”,“/samlp:Response/ds:Signature”,[“-----BEGIN CERTIFICATE-----\n----BEGINCERTIFICATE----GxsHX-NSQERvLVXSJNcLVylt_G3106oXh3sOiMKq\n0lE\t----ENDCERITIFICATE----\n-----END CERTIFICATE-----\n”]]},{“file”:“/data/nextcloud/apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Auth.php”,“line”:238,“function”:“isValid”,“class”:“OneLogin\Saml2\Response”,“type”:“->”,“args”:[“ONELOGIN_fb32e1d67eb5a37d07454ab4103e69f85c74be65”]},{“file”:“/data/nextcloud/apps/user_saml/lib/Controller/SAMLController.php”,“line”:353,“function”:“processResponse”,“class”:“OneLogin\Saml2\Auth”,“type”:“->”,“args”:[“ONELOGIN_fb32e1d67eb5a37d07454ab4103e69f85c74be65”]},{“file”:“/data/nextcloud/lib/private/AppFramework/Http/Dispatcher.php”,“line”:217,“function”:“assertionConsumerService”,“class”:“OCA\User_SAML\Controller\SAMLController”,“type”:“->”,“args”:[]},{“file”:“/data/nextcloud/lib/private/AppFramework/Http/Dispatcher.php”,“line”:126,“function”:“executeController”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:“->”,“args”:[{“class”:“OCA\User_SAML\Controller\SAMLController”},“assertionConsumerService”]},{“file”:“/data/nextcloud/lib/private/AppFramework/App.php”,“line”:156,“function”:“dispatch”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:“->”,“args”:[{“class”:“OCA\User_SAML\Controller\SAMLController”},“assertionConsumerService”]},{“file”:“/data/nextcloud/lib/private/Route/Router.php”,“line”:302,“function”:“main”,“class”:“OC\AppFramework\App”,“type”:“::”,“args”:[“OCA\User_SAML\Controller\SAMLController”,“assertionConsumerService”,{“class”:“OC\AppFramework\DependencyInjection\DIContainer”},{“_route”:“user_saml.SAML.assertionConsumerService”}]},{“file”:“/data/nextcloud/lib/base.php”,“line”:1006,“function”:“match”,“class”:“OC\Route\Router”,“type”:“->”,“args”:[“/apps/user_saml/saml/acs”]},{“file”:“/data/nextcloud/index.php”,“line”:36,“function”:
“handleRequest”,“class”:“OC”,“type”:“::”,“args”:[]}],“File”:“/data/nextcloud/lib/private/Log/ErrorHandler.php”,“Line”:92,“CustomMessage”:“–”}}
{“reqId”:“QNLUBTl4VhpKjmFy8mP4”,“level”:4,“time”:“July 17, 2023 09:15:07”,“remoteAddr”:“172.20.16.152”,“user”:“–”,“app”:“user_saml”,“method”:“POST”,“url”:“/index.php/apps/user_saml/saml/acs”,“message”:“invalid_response”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36”,“version”:“22.2.3.0”}
{“reqId”:“QNLUBTl4VhpKjmFy8mP4”,“level”:4,“time”:“July 17, 2023 09:15:07”,“remoteAddr”:“172.20.16.152”,“user”:“–”,“app”:“user_saml”,“method”:“POST”,“url”:“/index.php/apps/user_saml/saml/acs”,“message”:“Unable to extract public key”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36”,“version”:“22.2.3.0”}

I have been struggling to fix this for more than a week. Kindly help to resolve it.
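
The trace above shows the string that reached `openssl_x509_read()`: PEM armor wrapped around a value that itself carries BEGIN/END markers. The following is an added example, not code from the thread or from user_saml, that pre-checks a pasted IdP certificate value for that kind of damage; the function names are hypothetical, and the check is structural only (armor, base64, outer DER shape), not a full X.509 parse.

```python
import base64
import binascii
import re

# PEM-style marker, tolerant of wrong dash counts and misspelled labels.
MARKER = re.compile(r"-{2,}\s*(?:BEGIN|END)[^-\n]*-{2,}")
CANONICAL = ("-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----")

# Value copied from the "key" argument in the log above.
LOGGED_VALUE = ("-----BEGIN CERTIFICATE-----\n----BEGINCERTIFICATE----GxsHX-NSQERv"
                "LVXSJNcLVylt_G3106oXh3sOiMKq\n0lE\t----ENDCERITIFICATE----\n"
                "-----END CERTIFICATE-----\n")
# Constructed stand-in: DER SEQUENCE { INTEGER 5 }, not a real certificate.
CONSTRUCTED_OK = (CANONICAL[0] + "\n"
                  + base64.b64encode(bytes.fromhex("3003020105")).decode()
                  + "\n" + CANONICAL[1] + "\n")


def is_single_der_sequence(der):
    """True if der is exactly one DER SEQUENCE (the outer shape of a certificate)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form length: next n bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def check_idp_cert_value(value):
    """Return the problems found in a pasted certificate value (empty list = none)."""
    markers = MARKER.findall(value)
    problems = []
    if len(markers) > 2:
        problems.append("nested BEGIN/END markers: %d found" % len(markers))
    problems += ["malformed marker: %r" % m for m in markers if m not in CANONICAL]
    body = re.sub(r"\s+", "", MARKER.sub("", value))
    bad = sorted(set(re.findall(r"[^A-Za-z0-9+/=]", body)))
    if bad:
        return problems + ["non-base64 characters: " + "".join(bad)]
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        return problems + ["base64 decode failed: %s" % exc]
    if not is_single_der_sequence(der):
        problems.append("decoded bytes are not a single DER SEQUENCE")
    return problems
```

A value that passes this check can still be the wrong certificate or an expired one, so it is worth confirming it against the signing certificate the IdP actually publishes.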

Hi

Please help with this. This is a very big blocker for us.

Could you confirm your NC version and user_saml version? I wonder if we hit the same error.
Mine is here: NC 27.0.1 SSO / SAML with Authentik error - #3 by a3linux
and in the NC UI, I also got “Account not provisioned”.