Internal Server Error after upgrade to 26.0.0 when using SAML SSO

After upgrading “successfully” to 26.0.0 when using SAML login for SSO to Nextcloud, you may be unable to access nextcloud at all. After a successful SAML IDP login, nextcloud will show in the browser:

Internal Server Error
The server was unable to complete your request.

If this happens again, please send the technical details below to the server administrator.

More details can be found in the server log.

The server log will show:

TypeError: OCA\Password_Policy\ComplianceService::entryControl(): Argument #2 ($password) must be of type string, null given, called in /var/www/nextcloud/apps/password_policy/lib/Listener/BeforeUserLoggedInEventListener.php on line 45

To fix it quickly, just disable the “Password Policy” app, either via the direct login to the web ui as an administrator (bypassing saml), or via OCC command line.

Bypass saml login url for those unfamiliar:

Seems to be a bug in the password policy app expecting a variable that is not set, as it is a SAML login, so the variable will not be set.


Exactly same error here in my development after I upgrade to Nextcloud 26.
The login?direct=1 one works fine.

Disable the Password Policy app,
It works.
But is this a right way to do that, is there any security concern after disable the Password Policy app?


Same issue here, has it been reported on Github? Thanks very much for explaining the fix here, I would have never found the solution, or even the problem on my own.

Same Issue, for us…do you know when the update will be available for the application?
Best regards

I’m not sure Password Policy app is the right place to report this, there is also an issue for the user_saml app here:

I don’t think another app should be able to break SAML login like this.

Will there be a re-pre-release of RC2 of NC26 that resolves this issue? Should I pick it up manually from Github? Although I disabled the app, several other connections (client on phone) fails to connect due to this bug.

The same issue happened when the Nextcloud server was upgraded to 26.0.0, and the SAML SSO stopped working; after disabling the password policy app, SSO started to work.

Indeed, after installing 26.0.1 RC1 still same issue.
docc status

  • installed: true
  • version:
  • versionstring: 26.0.1 RC1
  • edition:
  • maintenance: false
  • needsDbUpgrade: false
  • productname: Nextcloud
  • extendedSupport: false

Where in the previous installation I did not use SAML it was flipped on in the 26 version. After switching it off again, I think business as usual.

That error might (also) have something to do with WebDAV - or at least with something that “touches” WebDAV.
I did the dance with Password Policy app but that didn’t do the trick. Found following:

Removing the tokens made it work for me. Drawback: connections via WebDAV seem to corrupt tokens, so for now I have to recreate them over and over again…

Does this issue happen on NC 25.0.6 as I hit the same error when upgrade NC25 to the latest docker image?

Yes, this issue is also present on NC 25.0.6.

Is there any working or patch we can test or try for this?