NextCloud Single Sign-on (SSO) and Okta

Reaching out to the community in hopes someone can help solve a problem we are having with getting Single Sign-on (SSO) to work with Okta. The only official guide I was able to find was behind the NextCloud Enterprise paywall (all fine and good) but we do not have this available.

Through bits and pieces found in Google I was able to determine that I need to do the following:

  • Create an app in Okta.
  • Enable the SSO app in NextCloud.
  • Enter the following details in Okta and NextCloud:

(I added spaces in the URLs to remove the links so I could make this post. New users are limited to 4 links per post.)

SSO URL: https:// ${hostname}/apps/user_saml/saml/acs
Recipient URL: https:// ${hostname}/apps/user_saml/saml/acs
Destination URL: https:// ${hostname}/apps/user_saml/saml/acs
Audience URL: https:// ${hostname}/apps/user_saml/saml/metadata
You also need to add new attribute mapping:
Attribute name “uid” pointing to the emailAddress or username (it will be user login on the nextcloud side).

Nextcloud:
Attribute to map the UID to: uid
Identifier of the IdP entity: https://www.okta.com/${20 digit hash}
URL Target of the IdP where the SP will send the Authentication Request Message: https:// ${org}.okta.com/app/${uri}
Certificate of IdP: paste from okta config

Using this setup I have not been able to get SSO to work. When logging in via the newly created app in Okta, the NextCloud instance returns the null value in an otherwise blank page. Logs inside of NextCloud itself show varying errors:

  • OneLogin\Saml2\Error: Invalid array settings: idp_sso_not_found
  • OneLogin\Saml2\Error: Invalid array settings: idp_entityId_not_found, idp_sso_not_found
  • OneLogin\Saml2\Error: Invalid array settings: idp_cert_or_fingerprint_not_found_and_required

If anyone has any idea on how to solve this problem, or has already solved it and could share their configuration steps it would be greatly appreciated.

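As an added example that is not part of the original post: a small Python check that pulls the three IdP values the OneLogin errors above complain about (entity ID, SSO URL, signing certificate) out of the IdP metadata XML Okta publishes for an app, and reports which are missing using the same error codes Nextcloud logs. The metadata embedded below is constructed with placeholder values, and filtering on the HTTP-Redirect binding is an assumption about how user_saml sends its AuthnRequest.

```python
# Added troubleshooting helper (not from the post or the user_saml app): read the
# IdP settings the Nextcloud SSO page needs from Okta's IdP metadata and report
# what is missing, using the OneLogin php-saml error codes seen in the Nextcloud log.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample in the shape of Okta's IdP metadata; the entity ID, SSO URL
# and certificate are placeholders, not real values.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://www.okta.com/exkPLACEHOLDER0000000">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-org.okta.com/app/example/exkPLACEHOLDER0000000/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idp_settings_from_metadata(xml_text):
    """Return (settings, errors): the OneLogin-style idp.* values found in the
    metadata, and the OneLogin error codes for whatever is missing."""
    root = ET.fromstring(xml_text)
    settings, errors = {}, []
    if root.get("entityID"):  # Nextcloud field: "Identifier of the IdP entity"
        settings["idp.entityId"] = root.get("entityID")
    else:
        errors.append("idp_entityId_not_found")
    # Assumption: the HTTP-Redirect endpoint is the one the SP's AuthnRequest goes to.
    sso = root.find(f"md:IDPSSODescriptor/md:SingleSignOnService[@Binding='{REDIRECT}']", NS)
    if sso is not None and sso.get("Location"):  # Nextcloud field: "URL Target of the IdP ..."
        settings["idp.singleSignOnService.url"] = sso.get("Location")
    else:
        errors.append("idp_sso_not_found")
    cert = root.find("md:IDPSSODescriptor/md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is not None and (cert.text or "").strip():  # Nextcloud field: "Certificate of IdP"
        settings["idp.x509cert"] = "".join(cert.text.split())  # drop PEM line breaks/whitespace
    else:
        errors.append("idp_cert_or_fingerprint_not_found_and_required")
    return settings, errors
```

Point the function at the metadata XML downloaded from the Okta app's Sign On tab; an empty error list means the three Nextcloud fields can be filled from the returned dict.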

Update: I was able to configure SSO for NextCloud using Okta and the settings above.

What I discovered was that if I go to the NextCloud instance page it redirects me to Okta and I can log in. If I try to log in using the chiclet on the Okta dashboard, it gives me the null error.

Nothing in the NextCloud logs.
