How to use SSO and external storage when "Log-in credentials, save in database" activated?

Hey

I have an external storage which I want to connect with different protocols (starting with SMB). In order to see only the files presented through the share as well as to write the files with the right permission (as the user itself), I chose “Log-In credentials, save in database” together with LDAP. This works flawlessly.

Then I thought I would like to use our SSO and I got it to work with ADFS. The problem now is that this is like an independent user (or at least some details are missing), because the mounting of external storage no longer works. Am I missing some values to deliver from SSO, or is what I would like to achieve not possible?

Any help greatly appreciated!

Hi

I have tried with disabling LDAP completely and only using SSO with SAML2.0.

I found out that although SSO works fine and the user gets created, it is not trying to log on at the external storage at all because of this failure:

{"reqId":"KeJ0UVHogVrxGGrXtn5I","level":3,"time":"2017-06-24T18:49:56+02:00","remoteAddr":"10.28.14.103","user":"--","app":"PHP","method":"POST","url":"\/apps\/user_saml\/saml\/acs","message":"Invalid argument supplied for foreach() at \/var\/www\/nextcloud\/apps\/user_saml\/lib\/userbackend.php#394","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:54.0) Gecko\/20100101 Firefox\/54.0","version":"12.0.0.29"}

{"reqId":"CQ6tWFz4XQJXzcHSXURK","level":3,"time":"2017-06-24T18:51:20+02:00","remoteAddr":"10.28.14.103","user":"--","app":"PHP","method":"POST","url":"\/apps\/user_saml\/saml\/acs","message":"Undefined offset: 1 at \/var\/www\/nextcloud\/apps\/user_saml\/lib\/userbackend.php#416","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:54.0) Gecko\/20100101 Firefox\/54.0","version":"12.0.0.29"}

Does anyone have an idea what that is about or how I should address this issue?

Hello,

I have exactly the same problem. Did you find a solution, please?

Hi
I am having the same issue: after SSO the SMB shares stopped working. Did anyone find the solution to the problem?
Thanks in advance

Hello

Is there still no solution available for SSO & SMB External Storage?
Thank you.

Hi

At the moment it is technically impossible as the Nextcloud service never gets to “see” the real credentials. The whole authentication process is done on the SSO server and only a ticket is returned. So Nextcloud would have to develop a solution like “save SMB credentials in database”.

Even then it would not be fully automated, but the user could e.g. enter the password once it was updated and then Nextcloud could use that to log on to SMB storage until the next password change.

I am not fully sure about integrating Kerberos with SMB though (whether a more automated solution is possible), and for now I got the feedback that I therefore have to use LDAP to have the desired functionality on SMB mounts…

1 Like
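The point made in the last reply, as an added example that is not part of the thread and not Nextcloud or user_saml code: a password login hands the server a secret it can store and replay to SMB, while the POST to `/apps/user_saml/saml/acs` carries only an assertion. The function names, the constructed unsigned sample assertion, and the `uid`/`mail` attribute names are assumptions for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample of the kind of response an IdP posts to the ACS URL.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jdoe@example.test</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="uid"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.test</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_SAML_POST = {"SAMLResponse": base64.b64encode(SAMPLE_XML.encode()).decode()}
SAMPLE_FORM_POST = {"user": "jdoe", "password": "constructed-password"}


def saml_identity(form):
    """Decode the SAMLResponse field and return (name_id, attributes).
    Illustration only: a real service provider verifies the signature first."""
    root = ET.fromstring(base64.b64decode(form["SAMLResponse"]))
    name_id = root.findtext(".//saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
    return name_id, attrs


def capture_login_credentials(form):
    """Return (uid, password) as a hypothetical 'save login credentials' hook sees them.
    password is None when the login carried no secret that could be replayed to SMB."""
    if "SAMLResponse" in form:
        name_id, attrs = saml_identity(form)
        uid = attrs.get("uid", [name_id])[0]
        return uid, None  # the assertion proves identity but contains no password
    return form["user"], form.get("password")


if __name__ == "__main__":
    print("password login:", capture_login_credentials(SAMPLE_FORM_POST))
    print("SAML login:    ", capture_login_credentials(SAMPLE_SAML_POST))
```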