Hello,
I am running Nextcloud v17 and I would like to use JumpCloud SAML service to authentificate to my nextcloud account.
JumpCloud has a Nextcloud connector available, which I activated and configured.
I tried and configure the Nextcloud SSO plugin on the other side, but it doesnt work.
Has anyone succeded in this and can help with the config options I have to use, both in Nextcloud an JumpCloud ?
Thanks
Here is my Jumpcloud IDP settings
User a SAML 2.0 template not the NextCloud template and fill it in as follows (BTW this is for
Nextcloud 18.0.4 installed via snap on Ubuntu 18.0.4 LTS)
Note to get around the post issue of only 4 urls per post I changed // to slash slash…
IDP Identity ID = JumpCloud
SP Identity ID = https:slash slash mynextcloud.local/index.php/apps/user_saml/saml/metadata
ACS URL = https:slash slash mynextcloud.local/index.php/apps/user_saml/saml/acs
SAMLSUBJECT NameID = username
SAMLSUBJECT NameID Format = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Signature Algorithm = RSA-SHA256
Default RelayState: https: slash slash mynextcloud.local/index.php
IDP URL = https: slash slash jumpcloud.com/saml2/mynextcloud
USER ATTRIBUTE MAPPING:
displayname -> fullname
email -> email
username -> username
Enable the groups attribute and set the field to “memberOf”
Here is Nextcloud SP configuration
Attribute to map the uuid to = username
Identifier of the idP entity (must be uri) = JumpCloud
URL target of IDP = https: slash slash sso.jumpcloud.com/saml2/bizcubed-nextcloud
Under Show optional Identity Provider settings …
SLO = https:slash slash console.jumpcloud.com/userconsole
Paste in IdP certificate from JumpCloud
Enter the Attribute mapping
displayname -> displayname
email -> email
groups -> memberOf
Under Show security settings…
Check the first option (logoutRequest)
Check the Last option (ADFS)
The only problem that I’m getting is sometimes if I log out
I am getting the following error in the login screen of nextcloud
Account not provisioned.
Your account is not provisioned, access to this service is thus not possible.
any suggestions ?
@JohnnyB75 I have followed your above steps
What do you settings look like?
What happens when you put in the url https://mynextcloud.local/index.php/apps/files/ after you get the “Account not provisioned” message?
we are running nextcloud on
Ubuntu 20.04 LTS (actually it is the vmware template from nextcloud)
Version: 7.4.3
The settings I used are identical to yours except “SAMLSUBJECT NameID Format”
because I dont see that setting there (SAML 1.1) instead I used 1.0
when I put the url https://mynextcloud.local/index.php/apps/files/ after I get the message …it redirect back to the nextcloud login page…
also we have tested https://www.okta.com/ SSO on this nextcloud instance and it worked fine.
Hi everybody. First off, thanks for your guides so far… I’ve followed the Jumpcloud setup guide further up in this thread, but to no avail.
I’ve also tried the article on medium that explains how to setup Azure ADFS SAML setup…
For both, I’m getting the same issue… the dreaded account is not provisioned.
I wish that there was some way to do further logging or testing in order to narrow this down.
Does anybody have any ideas?
Here are my current settings:
Jumpcloud:
ldP entity ID: JumpCloud
SP ENtityID : https.//users.obhecc.com/index.php/apps/user_saml/saml/metadata
acs url: https.//users.obhecc.com/index.php/apps/user_saml/saml/acs
SAML Subject NameID: username
SAMLSubject NameID format: urn:oasis:names:tc:SAML:1:1:nameid-format-unspecified
Sig: Algorithm: RSA-SHA256
Default Relay State: https://users.obhecc.com/index.php
Attributes:
displayname --> fullname
email --> email
username --> username
NextCloud
Attribute to map the UID to: username
Identifier: JumpCloud
URL Target of where the SP will send the auth request: https://sso.jumpcloud.com/saml2/nextcloud
Attribute mapping
displayname
email
username
I’ve checked the first and the last checkboxes under security settings
OK… after days and days and days… I seem to have gotten this working. I believe that using the email address as the subject name ID is what got things working…
I followed all the steps above and get the same issue as @Sx3 what do I do?
Edit:
forgot to set a custom attribute for username
Hi, I trying with 26.0.0 to set this up using the Email as the login but I still
get the account is not provisioned. Is anyone able to share their Jumpcoud please? Thanks
