Hi,
after upgrade from Nextcloud 10.0.0 to Nextcloud 11.0.2 the Login via SAML Authentication does not work anymore.
I get this failure: "Reference validation failed, invalid_response, Not authenticated"
In the user_saml ChangeLog I found the hint that there are some new security features implemented, like "Assertion Validation".
I have noticed that the "public function validateDigest" (nextcloud/apps/user_saml/3rdparty/vendor/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php) returns "False" when the assertion part gets checked by this function.
There are two queries like: "$query = 'string(./secdsig:DigestMethod/@Algorithm)'" and "$query = 'string(./secdsig:DigestMethod/@Algorithm)';". But in my assertion there are no <ds:DigestMethod Algorithm> and ds:DigestValue sections.
Could this be the failure?
user_saml config:
"user_saml": {
    "installed_version": "1.2.2",
    "types": "authentication",
    "enabled": "yes",
    "general-uid_mapping": "urn:oid:0.9.2342.19200300.100.1.3",
    "general-require_provisioned_account": "1",
    "sp-x509cert": "-----BEGIN CERTIFICATE-----[REMOVED]-----END CERTIFICATE-----",
    "sp-privateKey": "-----BEGIN PRIVATE KEY-----[REMOVED]-----END PRIVATE KEY-----",
    "idp-entityId": "https://[REMOVED]/IDP.xml",
    "idp-singleSignOnService.url": "https://[REMOVED]/affwebservices/public/saml2sso",
    "idp-singleLogoutService.url": "https://[REMOVED]/affwebservices/public/saml2slo",
    "idp-x509cert": "-----BEGIN CERTIFICATE-----[REMOVED]-----END CERTIFICATE-----",
    "security-authnRequestsSigned": "1",
    "security-logoutRequestSigned": "1",
    "security-logoutResponseSigned": "1",
    "security-wantMessagesSigned": "1",
    "security-wantAssertionsSigned": "1",
    "security-wantAssertionsEncrypted": "1",
    "general-use_saml_auth_for_desktop": "1",
    "type": "saml",
    "security-lowercaseUrlencoding": "0"
},
Assertion:
THX br, max
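Added example (editor's code, not part of the post above and not the code of xmlseclibs, php-saml or user_saml): a small checker that does what the post says validateDigest() does, walking every ds:Reference of an XML signature and rejecting it when ds:DigestMethod or ds:DigestValue is absent, the digest algorithm is unknown, the URI does not resolve to an ID in the document, or the digest does not match. Running it against the assertion the IdP actually sends shows which of these conditions is the one failing. Assumptions: the function names check_references, canonical_digest and build_sample_assertion are hypothetical; the sample assertion is constructed inline; the Python standard-library C14N 2.0 serializer stands in for the exclusive-C14N 1.0 plus enveloped-signature transforms a real IdP lists under ds:Transforms, so against a real assertion only the structural findings are meaningful and the digest comparison would need the transforms implemented; and nothing here checks ds:SignatureValue against the IdP certificate, which is the separate step that follows reference validation.

```python
"""Reference (digest) validation check for an XML-DSig signed SAML assertion."""
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("ds", DS)
ET.register_namespace("saml", SAML)

# DigestMethod Algorithm URIs accepted here (XML-DSig SHA-1 and SHA-256 identifiers).
DIGEST_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#sha1": hashlib.sha1,
    "http://www.w3.org/2001/04/xmlenc#sha256": hashlib.sha256,
}


def canonical_digest(element, hashfn):
    """Base64 digest of an element with its enveloped ds:Signature removed.

    Assumption/simplification: stdlib C14N 2.0 is used instead of the
    exclusive-C14N 1.0 + enveloped-signature transforms real SAML uses, so
    this only matches data that was digested the same way (see sample below).
    """
    node = copy.deepcopy(element)
    for sig in node.findall(f"{{{DS}}}Signature"):
        node.remove(sig)
    c14n = ET.canonicalize(ET.tostring(node, encoding="unicode"))
    return base64.b64encode(hashfn(c14n.encode()).digest()).decode()


def check_references(xml_text):
    """One dict per ds:Reference: {'uri', 'ok', 'reason'}.

    A Reference is only ok when DigestMethod and DigestValue exist, the
    algorithm is known, the URI resolves to an element ID, and the digest
    of that element matches DigestValue. This is the contract the
    'Reference validation failed' error in the post is enforcing.
    """
    root = ET.fromstring(xml_text)
    by_id = {el.get("ID"): el for el in root.iter() if el.get("ID")}
    results = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        method = ref.find(f"{{{DS}}}DigestMethod")
        value = ref.find(f"{{{DS}}}DigestValue")
        r = {"uri": uri, "reason": None}
        if method is None or value is None:
            r["reason"] = "missing DigestMethod or DigestValue"
        elif method.get("Algorithm") not in DIGEST_ALGS:
            r["reason"] = f"unsupported digest algorithm {method.get('Algorithm')}"
        elif not uri.startswith("#") or uri[1:] not in by_id:
            r["reason"] = f"URI {uri!r} does not resolve to an ID in the document"
        else:
            hashfn = DIGEST_ALGS[method.get("Algorithm")]
            expected = canonical_digest(by_id[uri[1:]], hashfn)
            if (value.text or "").strip() != expected:
                r["reason"] = "DigestValue does not match referenced element"
        r["ok"] = r["reason"] is None
        results.append(r)
    return results


def build_sample_assertion(with_digest=True):
    """Constructed sample, not a real IdP assertion: a minimal signed
    saml:Assertion whose DigestValue is computed with canonical_digest().
    with_digest=False reproduces the post's case: a Reference with neither
    DigestMethod nor DigestValue."""
    a = ET.Element(f"{{{SAML}}}Assertion", {"ID": "_abc123", "Version": "2.0"})
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = "https://idp.example/IDP.xml"
    subj = ET.SubElement(a, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID").text = "max"
    digest = canonical_digest(a, hashlib.sha256)  # digest before the signature is enveloped
    sig = ET.SubElement(a, f"{{{DS}}}Signature")
    info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ref = ET.SubElement(info, f"{{{DS}}}Reference", {"URI": "#_abc123"})
    if with_digest:
        ET.SubElement(ref, f"{{{DS}}}DigestMethod",
                      {"Algorithm": "http://www.w3.org/2001/04/xmlenc#sha256"})
        ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest
    # Placeholder SignatureValue: signature verification is out of scope here.
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = "c2lnbmF0dXJlIG9taXR0ZWQ="
    return ET.tostring(a, encoding="unicode")


if __name__ == "__main__":
    cases = [
        ("complete reference", build_sample_assertion()),
        ("no DigestMethod/DigestValue", build_sample_assertion(with_digest=False)),
        ("tampered NameID", build_sample_assertion().replace(">max<", ">admin<")),
    ]
    for label, doc in cases:
        for r in check_references(doc):
            print(f"{label}: uri={r['uri']} ok={r['ok']} reason={r['reason']}")
```

To use it on a real response, decode the base64 SAMLResponse from the browser POST (and decrypt the EncryptedAssertion first if wantAssertionsEncrypted is on) and pass the assertion XML to check_references(); a Reference reported as "missing DigestMethod or DigestValue" means the IdP is not producing a digest for the assertion, which no verifier can accept, so the fix belongs on the IdP's signing configuration rather than in the SP.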