Global-site-selector installation with lookup-server

Support intro

Hi everyone
I recently installs 3 nextcloud instances with lookup-server
I want to use global scale but it’s not working

Nextcloud version 14
Operating system and version _: debian 9
PHP version: 7.0

Hi everyone.
I use external lookup-server too but nothing happen when i had it inside my nextcloud config :

Master :

‘gss.jwt.key’ => ‘XXX’,

// operation mode
‘gss.mode’ => ‘master’,

// define a master admins, this users will not be redirected to a slave but are
// allowed to login at the master node to perform administration tasks
‘gss.master.admin’ => [‘XXX’],

// define a class which will be used to decide on which server a user should be
// provisioned in case the lookup server doesn’t know the user yet.
// Note: That this will create a user account on a global scale note for every user
// so make sure that the Global Site Selector has verified if it is a valid user before.
// The user disovery module might require additional config paramters you can find in
// the documentation of the module
‘gss.user.discovery.module’ => ‘\OCA\GlobalSiteSelector\UserDiscoveryModules\UserDiscoverySAML’,
‘gss.discovery.saml.slave.mapping’ => ‘idp-parameter’,

‘loodkup_server’ => ‘

Slave :
‘gss.jwt.key’ => ‘XXX’,

// operation mode
‘gss.mode’ => ‘slave’,

// url of the master, so we can redirect the user back in case of an error
‘gss.master.url’ => 'http://XXX,
‘loodkup_server’ => ‘


This is a demo and you can test the lookup-server response if you want
On my access.log inside apache2 for lookup-server i did not found any request coming from the nextcloud’s

I just have this log on the master server :
{“reqId”:“EvajXydarEXxQfuB8IFJ”,“level”:3,“time”:“2019-01-10T08:53:38+00:00”,“remoteAddr”:“”,“user”:"–",“app”:“no app in context”,“method”:“POST”,“url”:"/index.php/login",“message”:{“Exception”:“OC\HintException”,“Message”:“Could not find location for user, populate”,“Code”:0,“Trace”:[{“file”:"/var/www/nextcloud/lib/private/legacy/hook.php",“line”:106,“function”:“handleLoginRequest”,“class”:“OCA\GlobalSiteSelector\Master”,“type”:"->",“args”:[{“run”:"*** sensitive parameter replaced ",“uid”:" sensitive parameter replaced ",“password”:" sensitive parameter replaced "}]},{“file”:"/var/www/nextcloud/lib/private/Server.php",“line”:406,“function”:“emit”,“class”:“OC_Hook”,“type”:"::",“args”:[“OC_User”,“pre_login”,{“run”:" sensitive parameter replaced ",“uid”:" sensitive parameter replaced ",“password”:" sensitive parameter replaced "}]},{“function”:“OC{closure}”,“class”:“OC\Server”,“type”:"->",“args”:[" sensitive parameters replaced "]},{“file”:"/var/www/nextcloud/lib/private/Hooks/EmitterTrait.php",“line”:99,“function”:“call_user_func_array”,“args”:[{" class ":“Closure”},[" sensitive parameter replaced "," sensitive parameter replaced "]]},{“file”:"/var/www/nextcloud/lib/private/Hooks/PublicEmitter.php",“line”:36,“function”:“emit”,“class”:“OC\Hooks\BasicEmitter”,“type”:"->",“args”:["\OC\User",“preLogin”,[" sensitive parameter replaced "," sensitive parameter replaced "]]},{“file”:"/var/www/nextcloud/core/Controller/LoginController.php",“line”:281,“function”:“emit”,“class”:“OC\Hooks\PublicEmitter”,“type”:"->",“args”:["\OC\User",“preLogin”,[" sensitive parameter replaced "," sensitive parameter replaced "]]},{“file”:"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",“line”:166,“function”:“tryLogin”,“class”:“OC\Core\Controller\LoginController”,“type”:"->",“args”:[" sensitive parameters replaced ***"]},{“file”:"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",“line”:99,“function”:“executeController”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:"->",“args”:[{" class “:“OC\Core\Controller\LoginController”},“tryLogin”]},{“file”:”/var/www/nextcloud/lib/private/AppFramework/App.php",“line”:118,“function”:“dispatch”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:"->",“args”:[{" class “:“OC\Core\Controller\LoginController”},“tryLogin”]},{“file”:”/var/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php",“line”:47,“function”:“main”,“class”:“OC\AppFramework\App”,“type”:"::",“args”:[“OC\Core\Controller\LoginController”,“tryLogin”,{" class “:“OC\AppFramework\DependencyInjection\DIContainer”},{”_route":“core.login.tryLogin”}]},{“function”:"__invoke",“class”:“OC\AppFramework\Routing\RouteActionHandler”,“type”:"->",“args”:[{"_route":“core.login.tryLogin”}]},{“file”:"/var/www/nextcloud/lib/private/Route/Router.php",“line”:297,“function”:“call_user_func”,“args”:[{" class “:“OC\AppFramework\Routing\RouteActionHandler”},{”_route":“core.login.tryLogin”}]},{“file”:"/var/www/nextcloud/lib/base.php",“line”:987,“function”:“match”,“class”:“OC\Route\Router”,“type”:"->",“args”:["/login"]},{“file”:"/var/www/nextcloud/index.php",“line”:42,“function”:“handleRequest”,“class”:“OC”,“type”:"::",“args”:[]}],“File”:"/var/www/nextcloud/apps/globalsiteselector/lib/Master.php",“Line”:160,“Hint”:“Could not find location for user, populate”,“CustomMessage”:"–"},“userAgent”:“Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36”,“version”:“”}

My first question is . I use http and ip (no domain name)
did i have to use SSL and domain name ?

I am at the exactly same point at the moment.
Did you already found out what’s wrong?

No i’m stuck to this point…
You have to know. Nextcloud do not provide good documentation about this configuration.
Be patient, i’m working on it .

Hi Tanguy,

got it working :smiley:

You just need a certificate at the lookup server and https everywhere referring to it

Nice work !!!
Can you post here your nextcloud config and also your lookup-server too.
Could be interesting for the others

Best regards


‘gss.jwt.key’ => ‘SOtAUgXY7MEvHylpgWfC3xj5’,
‘gss.mode’ => ‘slave’,
‘gss.master.url’ => ‘http://labncgss.domain.lab’,
‘lookup_server’ => ‘https://labnclookup.domain.lab’,

‘gss.jwt.key’ => ‘SOtAUgXY7MEvHylpgWfC3xj5’,
‘gss.mode’ => ‘master’,
‘gss.master.admin’ => [‘admin’],
‘gss.discovery.saml.slave.mapping’ => ‘idp-parameter’ ,
‘gss.user.discovery.module’ => ‘\OCA\GlobalSiteSelector\UserDiscoveryModules\UserDiscoverySAML’,
‘lookup_server’ => ‘https://labnclookup.domain.lab’,
‘gs.enabled’ => true,


  • Create local database
  • setup webserver - follow the doc

There is not really a difference to Tanguy’s config.php files.

Hi, Yali0n
I am configing the gss now. I have configed slave and master nv server, but i can`t find the lookupserver doc,will you please give me a fave? my email: :stuck_out_tongue:


I’m trying to set up an lookup server since two days now, but I’m unable to get it work.
I set the following configuration to the master:

'lookup_server' => '',
'gss.jwt.key' => 'abcdefghijklmnopqrstuvwxyz',
'gss.mode' => 'master',
'gss.master.admin' => ['admin'],
'gss.discovery.saml.slave.mapping' => 'idp-parameter',
'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\UserDiscoverySAML',
'gs.enabled' => true,

And the following configuration for the lookup-server:

'DB' => [
		'host' => '',
		'db' => 'nextcloud_lookup',
		'user' => 'nextcloud_lookup',
		'pass' => '',
'ERROR_VERBOSE' => true,
'LOG' => '/mnt/www-data/lookup-server/log/lookup.log',
'REPLICATION_LOG' => '/mnt/www-data/lookup-server/log/lookup_replication.log',
'MAX_REQUESTS' => 1000,
'REPLICATION_AUTH' => 'z54aka22v74eW8fo1i4OgIT76iyEh7',
'SLAVEREPLICATION_AUTH' => 'z54aka22v74eW8fo1i4OgIT76iyEh7',
#       ''
'EMAIL_SENDER' => 'admin@my.server',
'PUBLIC_URL' => '',
'GLOBAL_SCALE' => true,
'AUTH_KEY' => 'abcdefghijklmnopqrstuvwxyz',
'TWITTER' => [
		'CONSUMER_KEY' => '',
		'ACCESS_TOKEN' => '',

I can see that NextCloud is trying to get the user from the lookup-server.
But if i add a user they are not inserted into the lookup database.

Further more, the logging is not working at all.
I checked where the ERROR_VERBOSE, LOG and REPLICATION_LOG entries are used, but they seem to not be used at all.

I tried to use the CreateUser REST API’s with Postman but I have no idea how to create a valid signature.

How can I advice NextCloud to publish a newly created user to the lookup-server?
How can I debug what is going wrong?

Thank you!


  • NextCloud 20.0.5, PHP 7.3.19, MariaDB 10.3.27
  • lookup-server 0.3.1, PHP 7.3.19, MariaDB 10.3.27

I got some steps further, but it seems that the global-site-selector is not working properly.

At first I found two bugs, one in the lookup-server which is not providing a proper return value instead it is mostly answering with 200 OK, even if it failed (PullRequest).
Further more If found out that the nextcloud module lookup-server-connector is not providing the published details to the lookup-server (Issue).

After I found the first bug, I also found out that the lookup-server is requesting the “identity prove key” via http request from the server:
'http://'.$host . '/ocs/v2.php/identityproof/key/' . $user
The problem for me was that my server was not answering on port 80.
After i opened port 80 and installed a redirect to https, the user was successfully registered.
But the public data was still missing.

The problem with the public data is caused by the bug in the lookup-server-connector which I temporary solved with an ugly patch described in the bug report.

Now the global-site-selector is creating an endless redirection…

Hi @ttr have you manged to get it working on your side?
I’m in the exactly same point…