I have installed Nextcloud 11 on CentOS 7.3. I also have Keycloak (2.2.1 Final) installed on a different CentOS 7.3 machine. Both Nextcloud and Keycloak work individually.
I followed this helpful tutorial to attempt to have Nextcloud make use of Keycloak for SAML2 auth:
http://www.cloudforms-blog.com/2016/10/nextcloud-and-keycloak-saml.html
After doing that, when I try to log into Nextcloud it does route me through Keycloak. After logging into Keycloak I am sent back to Nextcloud. However, at that point I get an error message on Nextcloud:
Internal Server Error
The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the server log.
So I look in the Nextcloud log file and find this exception:
{“reqId”:“WFL8evFFZnnmN7PP808mWAAAAAc”,“remoteAddr”:“10.137.3.8”,“app”:“index”,“message”:“Exception: {"Exception":"Exception","Message":"Found an Attribute element with duplicated Name|Role|Array\n(\n [email2] => Array\n (\n [0] => bob@example\n )\n\n [Role] => Array\n (\n [0] => view-profile\n )\n\n)\n|","Code":0,"Trace":"#0 \/var\/www\/html\/nextcloud\/apps\/user_saml\/3rdparty\/vendor\/onelogin\/php-saml\/lib\/Saml2\/Auth.php(127): OneLogin_Saml2_Response->getAttributes()\n#1 \/var\/www\/html\/nextcloud\/apps\/user_saml\/lib\/Controller\/SAMLController.php(179): OneLogin_Saml2_Auth->processResponse(‘ONELOGIN_db49d4…’)\n#2 [internal function]: OCA\\User_SAML\\Controller\\SAMLController->assertionConsumerService()\n#3 \/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(160): call_user_func_array(Array, Array)\n#4 \/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(90): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OCA\\User_SAML\\Controller\\SAMLController), ‘assertionConsum…’)\n#5 \/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/App.php(114): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OCA\\User_SAML\\Controller\\SAMLController), ‘assertionConsum…’)\n#6 \/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php(47): OC\\AppFramework\\App::main(‘SAMLController’, ‘assertionConsum…’, Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#7 [internal function]: OC\\AppFramework\\Routing\\RouteActionHandler->__invoke(Array)\n#8 \/var\/www\/html\/nextcloud\/lib\/private\/Route\/Router.php(299): call_user_func(Object(OC\\AppFramework\\Routing\\RouteActionHandler), Array)\n#9 \/var\/www\/html\/nextcloud\/lib\/base.php(1010): OC\\Route\\Router->match(‘\/apps\/user_saml…’)\n#10 \/var\/www\/html\/nextcloud\/index.php(40): OC::handleRequest()\n#11 
{main}","File":"\/var\/www\/html\/nextcloud\/apps\/user_saml\/3rdparty\/vendor\/onelogin\/php-saml\/lib\/Saml2\/Response.php","Line":551}”,“level”:3,“time”:“2016-12-15T20:26:34+00:00”,“method”:“POST”,“url”:“/nextcloud/index.php/apps/user_saml/saml/acs”,“user”:“–”,“version”:“11.0.0.10”}
NOTE that everything between the 3 pipes after “Found an Attribute element with duplicated Name” is from a print_r() showing which entry was being cycled through when the exception was thrown (“Role”). The second set of data is a print_r of the $attributes var.
This doesn’t mean much to me; it’s just the result of me trying to trace down what I found in the exception report.
HOWEVER, if I block out the following if block in apps/user_saml/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Response.php, then the process seems to work:
if (in_array($attributeName, array_keys($attributes))) {
I tried it with several newly generated Keycloak users, and Nextcloud will faithfully create new users when the above code is blocked out.
SO, my question is… did I do something wrong during config, or is this a Nextcloud issue? Is my workaround safe or no?
Thanks!
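
The duplicate-name condition from the exception above, as an added example that is not part of the original post and is not php-saml's or Nextcloud's code: it parses a constructed AttributeStatement containing two Attribute elements named Role and compares three ways of handling the repeat. The function collectAttributes(), its $onDuplicate modes and the second role value manage-account are assumptions made for illustration.

```php
<?php
// Constructed sample, not captured from Keycloak: "Role" appears in two Attribute elements.
$xml = <<<'XML'
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="email2"><saml:AttributeValue>bob@example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Role"><saml:AttributeValue>view-profile</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Role"><saml:AttributeValue>manage-account</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
XML;

// Hypothetical helper. $onDuplicate is 'reject', 'overwrite' or 'merge'.
function collectAttributes(string $xml, string $onDuplicate): array
{
    $doc = new DOMDocument();
    $doc->loadXML($xml, LIBXML_NONET); // no network access while parsing
    $xpath = new DOMXPath($doc);
    $xpath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');

    $attributes = [];
    foreach ($xpath->query('//saml:Attribute') as $entry) {
        $name = $entry->getAttribute('Name');
        $values = [];
        foreach ($xpath->query('saml:AttributeValue', $entry) as $valueNode) {
            $values[] = trim($valueNode->textContent);
        }
        if (array_key_exists($name, $attributes)) {
            if ($onDuplicate === 'reject') {
                // Same condition as the in_array() check quoted in the post.
                throw new RuntimeException("Found an Attribute element with duplicated Name: $name");
            }
            if ($onDuplicate === 'merge') {
                $values = array_merge($attributes[$name], $values);
            }
            // 'overwrite': the later element silently replaces the earlier one.
        }
        $attributes[$name] = $values;
    }
    return $attributes;
}

foreach (['reject', 'overwrite', 'merge'] as $mode) {
    try {
        echo $mode, ': ', json_encode(collectAttributes($xml, $mode)), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $mode, ': ', $e->getMessage(), PHP_EOL;
    }
}
```

In overwrite mode only the last Role value survives, so any consumer that maps roles to groups or permissions would be working from an incomplete set.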