Google as a SAML Provider

I have figured that out.
After changing to NC 13, pretty URLs are enabled by default (or maybe not), but this was the issue.

While I was configuring NC 12, I had links to SAML background like this:
https://nextcloud.domain.com/index.php/apps/user_saml/saml/acs
After upgrading to NC 13, I had to go to the G Suite admin console and change the SAML app settings for ACS URL and Entity ID to be without index.php:
https://nextcloud.domain.com/apps/user_saml/saml/acs

Thanks Keith for suggestions.

2 Likes
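The mismatch described in the post above (ACS URL and Entity ID registered at the IdP with index.php, while the upgraded server uses pretty URLs) can be checked by comparing the IdP-side values against the service provider's own SAML metadata. This is an added example, not part of the original thread or of Nextcloud's code; the metadata document is a constructed sample, its entityID value is an assumption, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample of SP metadata as it might look with pretty URLs on.
# The entityID value is an assumption made for this example.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://nextcloud.domain.com/apps/user_saml/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://nextcloud.domain.com/apps/user_saml/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def sp_endpoints(metadata_xml):
    """Extract the entity ID and every ACS Location the SP advertises."""
    # Only parse metadata fetched from your own server over HTTPS.
    root = ET.fromstring(metadata_xml)
    acs = [e.get("Location", "") for e in root.iter(MD + "AssertionConsumerService")]
    return {"entity_id": root.get("entityID", ""), "acs_urls": acs}

def strip_index_php(url):
    """Drop a leading /index.php path segment so both URL styles compare equal."""
    parts = urlsplit(url)
    path = parts.path
    if path.startswith("/index.php/"):
        path = path[len("/index.php"):]
    return parts._replace(path=path).geturl()

def compare(idp_value, sp_value):
    """Classify one IdP-side value against the SP-side value."""
    if idp_value == sp_value:
        return "match"
    if strip_index_php(idp_value) == strip_index_php(sp_value):
        return "index.php mismatch"
    return "mismatch"

def check_idp_config(metadata_xml, idp_acs_url, idp_entity_id):
    """Report how the values entered at the IdP relate to the SP metadata."""
    sp = sp_endpoints(metadata_xml)
    rank = ["match", "index.php mismatch", "mismatch"]
    acs = min((compare(idp_acs_url, u) for u in sp["acs_urls"]),
              key=rank.index, default="mismatch")
    return {"acs_url": acs, "entity_id": compare(idp_entity_id, sp["entity_id"])}
```

An "index.php mismatch" result means the IdP still holds the pre-upgrade URL style and needs the same edit described in the post.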

Thanks @noizo - that fixed my exact problem on upgrading to NC 13.

I’ve now upgraded to NC13 and removing the index.php did not work for me. I left it 48 hours to propagate and it still gives the 403 err saying the app is not configured for the user. If I put the index.php back in, I can sign on, but it does not show my files and folders; it is blank where it should list them, and I have none of the options like admin, users and personal. Is this something you experienced? (Note to self, must build a test instance)

I struggle a bit to get it working on my side as well. So I have the URL target of the IdP as https://accounts.google.com/o/saml2/idp?idpid=xxxxxxx and then I get

403. That’s an error.

Error: app_not_configured_for_user

So, following the suggestion here, I changed the URL to

https://accounts.google.com/accountchooser?continue=https://accounts.google.com/o/saml2/idp?idpid=xxxxxx

Which redirects me to the Google account chooser, but then, after selecting my account, I get

null. That’s an error.

Error parsing the request, No SAML message present in request That’s all we know.

Update

Sometimes I am not asked for a user account, so then I get the following from Nextcloud

Account not provisioned.

Your account is not provisioned, access to this service is thus not possible.

Figured it out. The suggestions with accountchooser seem wrong. On the Google side, I have this attribute mapping configured


While on Nextcloud I have this config