SAML in App and Safari not working on IOS devices (iPhone/iPad) for Nextcloud version 13, 14 or 15 - user_saml


#1

After having user_saml working successfully early on in our Nextcloud version 13 rollout using both the IOS application and through Safari, it stopped working.

Now when we attempt to login to a SAML instance. we are stuck at a blank screen after entering our credentials:

Local logins still work inside the application and via Safari. Using safari we get the too many redirects page:

If we reload on Safari, we do get logged in.

When logging in via the application, Nextcloud logs the following:

Before creds:

 {"reqId":"XDkd-iTlc77ZG48J628wbwAAANI","level":4,"time":"2019-01-11T22:51:43+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/login\/flow\/grant%3FstateToken%3D9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf%26clientIdentifier%3D","message":"SAML __construct","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}
{"reqId":"XDkd-iTlc77ZG48J628wbwAAANI","level":4,"time":"2019-01-11T22:51:43+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/login\/flow\/grant%3FstateToken%3D9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf%26clientIdentifier%3D","message":"SAML selectUserBackEnd","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}
{"reqId":"XDkd-iTlc77ZG48J628wbwAAANI","level":4,"time":"2019-01-11T22:51:43+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/login\/flow\/grant%3FstateToken%3D9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf%26clientIdentifier%3D","message":"SAML getDirectLoginUrl","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}
{"reqId":"XDkd-iTlc77ZG48J628wbwAAANI","level":4,"time":"2019-01-11T22:51:43+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/login\/flow\/grant%3FstateToken%3D9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf%26clientIdentifier%3D","message":"SAML getIdps","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}
{"reqId":"XDkd-iTlc77ZG48J628wbwAAANI","level":4,"time":"2019-01-11T22:51:43+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/login\/flow\/grant%3FstateToken%3D9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf%26clientIdentifier%3D","message":"SAML getSSOUrl","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}
{"reqId":"XDkd-iTlc77ZG48J628wbwAAANI","level":4,"time":"2019-01-11T22:51:43+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/login\/flow\/grant%3FstateToken%3D9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf%26clientIdentifier%3D","message":"SAML getSSODisplayName","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}
{"reqId":"XDkeBWZnHY967NIl-IpYUQAAABU","level":4,"time":"2019-01-11T22:51:49+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/login?requesttoken=cHmSFqHijscjwFU%2BrTjhEfD2i4FgGE4K\/%2BAP5YVl8yQ%3D%3AFxbkcOSN7aFtqmcM%2BmDWKKKj5NtUS3dCz8tuoMcq2FE%3D&originalUrl=https%3A\/\/my.testsite.org\/nextcloud\/index.php\/login\/flow\/grant%3FstateToken%3D9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf%26clientIdentifier%3D&idp=1","message":"SAML __construct","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}
{"reqId":"XDkeBWZnHY967NIl-IpYUQAAABU","level":4,"time":"2019-01-11T22:51:49+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/login?requesttoken=cHmSFqHijscjwFU%2BrTjhEfD2i4FgGE4K\/%2BAP5YVl8yQ%3D%3AFxbkcOSN7aFtqmcM%2BmDWKKKj5NtUS3dCz8tuoMcq2FE%3D&originalUrl=https%3A\/\/my.testsite.org\/nextcloud\/index.php\/login\/flow\/grant%3FstateToken%3D9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf%26clientIdentifier%3D&idp=1","message":"SAML Login","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}
{"reqId":"XDkeBR08ElR@@gF5mmGWegAAABE","level":4,"time":"2019-01-11T22:51:49+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/login?requesttoken=cHmSFqHijscjwFU%2BrTjhEfD2i4FgGE4K\/%2BAP5YVl8yQ%3D%3AFxbkcOSN7aFtqmcM%2BmDWKKKj5NtUS3dCz8tuoMcq2FE%3D&originalUrl=https%3A\/\/my.testsite.org\/nextcloud\/index.php\/login\/flow\/grant%3FstateToken%3D9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf%26clientIdentifier%3D&idp=1","message":"SAML __construct","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}
{"reqId":"XDkeBR08ElR@@gF5mmGWegAAABE","level":4,"time":"2019-01-11T22:51:49+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/login?requesttoken=cHmSFqHijscjwFU%2BrTjhEfD2i4FgGE4K\/%2BAP5YVl8yQ%3D%3AFxbkcOSN7aFtqmcM%2BmDWKKKj5NtUS3dCz8tuoMcq2FE%3D&originalUrl=https%3A\/\/my.testsite.org\/nextcloud\/index.php\/login\/flow\/grant%3FstateToken%3D9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf%26clientIdentifier%3D&idp=1","message":"SAML Login","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}

After Creds:
{"reqId":"XDkeM-H4crBhLRxej2gnrgAAAAg","level":4,"time":"2019-01-11T22:52:35+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"POST","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/acs","message":"SAML __construct","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}
{"reqId":"XDkeM-H4crBhLRxej2gnrgAAAAg","level":4,"time":"2019-01-11T22:52:35+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"POST","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/acs","message":"SAML assertionConsumerService","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}
{"reqId":"XDkeM-H4crBhLRxej2gnrgAAAAg","level":4,"time":"2019-01-11T22:52:35+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"POST","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/acs","message":"SAML autoprovisionIfPossible","userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.22.7","version":"15.0.0.10"}

Apache logs:

10.10.10 - - [11/Jan/2019:18:52:35 -0400] "POST /nextcloud/index.php/apps/user_saml/saml/acs HTTP/1.1" 303 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:35 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:35 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:35 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:36 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:36 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:36 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:36 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:36 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:36 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:36 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:36 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:36 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:36 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:37 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:37 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

10.10.10 - - [11/Jan/2019:18:52:37 -0400] "GET /nextcloud/index.php/login/flow/grant?stateToken=9kvkRjyStJuL4ZYUH5vHtHA00p3R2SIJSGEXrHX2cgz673g1S6zUQzLrY7AqA6rf&clientIdentifier= HTTP/1.1" 302 - "https://saml.nspes.ca/simplesaml/module.php/core/loginuserpass.php?" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.22.7"

Nextcloud data log when using Safari:

{"reqId":"XDkf8X4Z4woiQLokroha3QAAAI8","level":4,"time":"2019-01-11T23:00:02+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"POST","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/acs","message":"SAML __construct","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

{"reqId":"XDkf8X4Z4woiQLokroha3QAAAI8","level":4,"time":"2019-01-11T23:00:02+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"POST","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/acs","message":"SAML assertionConsumerService","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

{"reqId":"XDkf8X4Z4woiQLokroha3QAAAI8","level":4,"time":"2019-01-11T23:00:02+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"POST","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/acs","message":"SAML autoprovisionIfPossible","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

{"reqId":"XDkgBsy8O@QuRP9sg9D0AAAAACU","level":4,"time":"2019-01-11T23:00:22+00:00","remoteAddr":"10.10.10","user":"macleajb@gnspes.ca","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/sls?requesttoken=mvgKr1HsGR0lWti7rWCVpKh\/sWynFjyQBNLWFt9WaGk%3D%3A1pY53T%2BAKjZAE6Lo%2BQ\/24fkpgw\/jemrgYIrlPYkjGyQ%3D","message":"SAML __construct","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

{"reqId":"XDkgBsy8O@QuRP9sg9D0AAAAACU","level":4,"time":"2019-01-11T23:00:22+00:00","remoteAddr":"10.10.10","user":"macleajb@gnspes.ca","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/sls?requesttoken=mvgKr1HsGR0lWti7rWCVpKh\/sWynFjyQBNLWFt9WaGk%3D%3A1pY53T%2BAKjZAE6Lo%2BQ\/24fkpgw\/jemrgYIrlPYkjGyQ%3D","message":"SAML singleLogoutService","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

{"reqId":"XDkgBsy8O@QuRP9sg9D0AQAAACU","level":4,"time":"2019-01-11T23:00:22+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/sls?SAMLResponse=fVJbS8MwFP4rJe82l65bG7aBqMhgKjjxwZdxlpxqpU1CTwr7%2BWYd3kB8CeRLvltOlgR9F%2FTWv%2FoxPiIF7wizY9850tPRio2D0x6oJe2gR9LR6N3l3VarXOgw%2BOiN79gPyv8MIMIhtt6xbHO9Yvtq1oAVAuYLVatZiQt7kFhKi7WQCpvGlFJVBc5Kw7JnHCgxVywJJTrRiBtHEVxMkJD1hZAXUj6pQguhlXph2TVSbB3EifUWYyDN%2BSFVbbvwnqN1GHNHuQHu8BhN50fLW2fxmIe3wCEE4mPKuz%2F14uelo2TtPp%2Fqya%2FYw%2F3N9uF2c7%2Bf46FGOGBpF0UF86ouxcJUlZQJawzUdWNsIQrJ1suTlp4aDOvPXCcspQk4BaK2Dx1%2BGSve2sB7jGAhwinekv8UWZ4HuYsQR%2Fq9u%2FIWs2foRvx%2FNDTd1rvRGCRifH12%2BBblf32W9Qc%3D&RelayState=https%3A%2F%2Fmy.testsite.org%2Fnextcloud%2Findex.php%2Fapps%2Fuser_saml%2Fsaml%2Fsls","message":"SAML __construct","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

{"reqId":"XDkgBsy8O@QuRP9sg9D0AwAAACU","level":4,"time":"2019-01-11T23:00:22+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/apps\/user_saml\/saml\/sls%3FSAMLResponse%3DfVJbS8MwFP4rJe82l65bG7aBqMhgKjjxwZdxlpxqpU1CTwr7%252BWYd3kB8CeRLvltOlgR9F%252FTWv%252FoxPiIF7wizY9850tPRio2D0x6oJe2gR9LR6N3l3VarXOgw%252BOiN79gPyv8MIMIhtt6xbHO9Yvtq1oAVAuYLVatZiQt7kFhKi7WQCpvGlFJVBc5Kw7JnHCgxVywJJTrRiBtHEVxMkJD1hZAXUj6pQguhlXph2TVSbB3EifUWYyDN%252BSFVbbvwnqN1GHNHuQHu8BhN50fLW2fxmIe3wCEE4mPKuz%252F14uelo2TtPp%252Fqya%252FYw%252F3N9uF2c7%252Bf46FGOGBpF0UF86ouxcJUlZQJawzUdWNsIQrJ1suTlp4aDOvPXCcspQk4BaK2Dx1%252BGSve2sB7jGAhwinekv8UWZ4HuYsQR%252Fq9u%252FIWs2foRvx%252FNDTd1rvRGCRifH12%252BBblf32W9Qc%253D%26RelayState%3Dhttps%253A%252F%252Fmy.testsite.org%252Fnextcloud%252Findex.php%252Fapps%252Fuser_saml%252Fsaml%252Fsls","message":"SAML __construct","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

{"reqId":"XDkgBsy8O@QuRP9sg9D0AwAAACU","level":4,"time":"2019-01-11T23:00:22+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/apps\/user_saml\/saml\/sls%3FSAMLResponse%3DfVJbS8MwFP4rJe82l65bG7aBqMhgKjjxwZdxlpxqpU1CTwr7%252BWYd3kB8CeRLvltOlgR9F%252FTWv%252FoxPiIF7wizY9850tPRio2D0x6oJe2gR9LR6N3l3VarXOgw%252BOiN79gPyv8MIMIhtt6xbHO9Yvtq1oAVAuYLVatZiQt7kFhKi7WQCpvGlFJVBc5Kw7JnHCgxVywJJTrRiBtHEVxMkJD1hZAXUj6pQguhlXph2TVSbB3EifUWYyDN%252BSFVbbvwnqN1GHNHuQHu8BhN50fLW2fxmIe3wCEE4mPKuz%252F14uelo2TtPp%252Fqya%252FYw%252F3N9uF2c7%252Bf46FGOGBpF0UF86ouxcJUlZQJawzUdWNsIQrJ1suTlp4aDOvPXCcspQk4BaK2Dx1%252BGSve2sB7jGAhwinekv8UWZ4HuYsQR%252Fq9u%252FIWs2foRvx%252FNDTd1rvRGCRifH12%252BBblf32W9Qc%253D%26RelayState%3Dhttps%253A%252F%252Fmy.testsite.org%252Fnextcloud%252Findex.php%252Fapps%252Fuser_saml%252Fsaml%252Fsls","message":"SAML selectUserBackEnd","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

{"reqId":"XDkgBsy8O@QuRP9sg9D0AwAAACU","level":4,"time":"2019-01-11T23:00:22+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/apps\/user_saml\/saml\/sls%3FSAMLResponse%3DfVJbS8MwFP4rJe82l65bG7aBqMhgKjjxwZdxlpxqpU1CTwr7%252BWYd3kB8CeRLvltOlgR9F%252FTWv%252FoxPiIF7wizY9850tPRio2D0x6oJe2gR9LR6N3l3VarXOgw%252BOiN79gPyv8MIMIhtt6xbHO9Yvtq1oAVAuYLVatZiQt7kFhKi7WQCpvGlFJVBc5Kw7JnHCgxVywJJTrRiBtHEVxMkJD1hZAXUj6pQguhlXph2TVSbB3EifUWYyDN%252BSFVbbvwnqN1GHNHuQHu8BhN50fLW2fxmIe3wCEE4mPKuz%252F14uelo2TtPp%252Fqya%252FYw%252F3N9uF2c7%252Bf46FGOGBpF0UF86ouxcJUlZQJawzUdWNsIQrJ1suTlp4aDOvPXCcspQk4BaK2Dx1%252BGSve2sB7jGAhwinekv8UWZ4HuYsQR%252Fq9u%252FIWs2foRvx%252FNDTd1rvRGCRifH12%252BBblf32W9Qc%253D%26RelayState%3Dhttps%253A%252F%252Fmy.testsite.org%252Fnextcloud%252Findex.php%252Fapps%252Fuser_saml%252Fsaml%252Fsls","message":"SAML getDirectLoginUrl","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

{"reqId":"XDkgBsy8O@QuRP9sg9D0AwAAACU","level":4,"time":"2019-01-11T23:00:22+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/apps\/user_saml\/saml\/sls%3FSAMLResponse%3DfVJbS8MwFP4rJe82l65bG7aBqMhgKjjxwZdxlpxqpU1CTwr7%252BWYd3kB8CeRLvltOlgR9F%252FTWv%252FoxPiIF7wizY9850tPRio2D0x6oJe2gR9LR6N3l3VarXOgw%252BOiN79gPyv8MIMIhtt6xbHO9Yvtq1oAVAuYLVatZiQt7kFhKi7WQCpvGlFJVBc5Kw7JnHCgxVywJJTrRiBtHEVxMkJD1hZAXUj6pQguhlXph2TVSbB3EifUWYyDN%252BSFVbbvwnqN1GHNHuQHu8BhN50fLW2fxmIe3wCEE4mPKuz%252F14uelo2TtPp%252Fqya%252FYw%252F3N9uF2c7%252Bf46FGOGBpF0UF86ouxcJUlZQJawzUdWNsIQrJ1suTlp4aDOvPXCcspQk4BaK2Dx1%252BGSve2sB7jGAhwinekv8UWZ4HuYsQR%252Fq9u%252FIWs2foRvx%252FNDTd1rvRGCRifH12%252BBblf32W9Qc%253D%26RelayState%3Dhttps%253A%252F%252Fmy.testsite.org%252Fnextcloud%252Findex.php%252Fapps%252Fuser_saml%252Fsaml%252Fsls","message":"SAML getIdps","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

{"reqId":"XDkgBsy8O@QuRP9sg9D0AwAAACU","level":4,"time":"2019-01-11T23:00:22+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/apps\/user_saml\/saml\/sls%3FSAMLResponse%3DfVJbS8MwFP4rJe82l65bG7aBqMhgKjjxwZdxlpxqpU1CTwr7%252BWYd3kB8CeRLvltOlgR9F%252FTWv%252FoxPiIF7wizY9850tPRio2D0x6oJe2gR9LR6N3l3VarXOgw%252BOiN79gPyv8MIMIhtt6xbHO9Yvtq1oAVAuYLVatZiQt7kFhKi7WQCpvGlFJVBc5Kw7JnHCgxVywJJTrRiBtHEVxMkJD1hZAXUj6pQguhlXph2TVSbB3EifUWYyDN%252BSFVbbvwnqN1GHNHuQHu8BhN50fLW2fxmIe3wCEE4mPKuz%252F14uelo2TtPp%252Fqya%252FYw%252F3N9uF2c7%252Bf46FGOGBpF0UF86ouxcJUlZQJawzUdWNsIQrJ1suTlp4aDOvPXCcspQk4BaK2Dx1%252BGSve2sB7jGAhwinekv8UWZ4HuYsQR%252Fq9u%252FIWs2foRvx%252FNDTd1rvRGCRifH12%252BBblf32W9Qc%253D%26RelayState%3Dhttps%253A%252F%252Fmy.testsite.org%252Fnextcloud%252Findex.php%252Fapps%252Fuser_saml%252Fsaml%252Fsls","message":"SAML getSSOUrl","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

{"reqId":"XDkgBsy8O@QuRP9sg9D0AwAAACU","level":4,"time":"2019-01-11T23:00:22+00:00","remoteAddr":"10.10.10","user":"--","app":"user_saml","method":"GET","url":"\/nextcloud\/index.php\/apps\/user_saml\/saml\/selectUserBackEnd?redirectUrl=\/nextcloud\/index.php\/apps\/user_saml\/saml\/sls%3FSAMLResponse%3DfVJbS8MwFP4rJe82l65bG7aBqMhgKjjxwZdxlpxqpU1CTwr7%252BWYd3kB8CeRLvltOlgR9F%252FTWv%252FoxPiIF7wizY9850tPRio2D0x6oJe2gR9LR6N3l3VarXOgw%252BOiN79gPyv8MIMIhtt6xbHO9Yvtq1oAVAuYLVatZiQt7kFhKi7WQCpvGlFJVBc5Kw7JnHCgxVywJJTrRiBtHEVxMkJD1hZAXUj6pQguhlXph2TVSbB3EifUWYyDN%252BSFVbbvwnqN1GHNHuQHu8BhN50fLW2fxmIe3wCEE4mPKuz%252F14uelo2TtPp%252Fqya%252FYw%252F3N9uF2c7%252Bf46FGOGBpF0UF86ouxcJUlZQJawzUdWNsIQrJ1suTlp4aDOvPXCcspQk4BaK2Dx1%252BGSve2sB7jGAhwinekv8UWZ4HuYsQR%252Fq9u%252FIWs2foRvx%252FNDTd1rvRGCRifH12%252BBblf32W9Qc%253D%26RelayState%3Dhttps%253A%252F%252Fmy.testsite.org%252Fnextcloud%252Findex.php%252Fapps%252Fuser_saml%252Fsaml%252Fsls","message":"SAML getSSODisplayName","userAgent":"Mozilla\/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit\/605.1.15 (KHTML, like Gecko) Version\/12.0 Mobile\/15E148 Safari\/604.1","version":"15.0.0.10"}

Safari access log:

10.10.10 - - [11/Jan/2019:19:00:22 -0400] "GET /nextcloud/index.php/apps/user_saml/saml/sls?requesttoken=mvgKr1HsGR0lWti7rWCVpKh/sWynFjyQBNLWFt9WaGk%3D%3A1pY53T%2BAKjZAE6Lo%2BQ/24fkpgw/jemrgYIrlPYkjGyQ%3D HTTP/1.1" 303 - "-" "Mozilla/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1"

10.10.10 - - [11/Jan/2019:19:00:22 -0400] "GET /nextcloud/index.php/apps/user_saml/saml/sls?SAMLResponse=fVJbS8MwFP4rJe82l65bG7aBqMhgKjjxwZdxlpxqpU1CTwr7%2BWYd3kB8CeRLvltOlgR9F%2FTWv%2FoxPiIF7wizY9850tPRio2D0x6oJe2gR9LR6N3l3VarXOgw%2BOiN79gPyv8MIMIhtt6xbHO9Yvtq1oAVAuYLVatZiQt7kFhKi7WQCpvGlFJVBc5Kw7JnHCgxVywJJTrRiBtHEVxMkJD1hZAXUj6pQguhlXph2TVSbB3EifUWYyDN%2BSFVbbvwnqN1GHNHuQHu8BhN50fLW2fxmIe3wCEE4mPKuz%2F14uelo2TtPp%2Fqya%2FYw%2F3N9uF2c7%2Bf46FGOGBpF0UF86ouxcJUlZQJawzUdWNsIQrJ1suTlp4aDOvPXCcspQk4BaK2Dx1%2BGSve2sB7jGAhwinekv8UWZ4HuYsQR%2Fq9u%2FIWs2foRvx%2FNDTd1rvRGCRifH12%2BBblf32W9Qc%3D&RelayState=https%3A%2F%2Fmy.testsite.org%2Fnextcloud%2Findex.php%2Fapps%2Fuser_saml%2Fsaml%2Fsls HTTP/1.1" 303 - "-" "Mozilla/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1"

10.10.10 - - [11/Jan/2019:19:00:22 -0400] "GET /nextcloud/index.php/login?redirect_url=/nextcloud/index.php/apps/user_saml/saml/sls%3FSAMLResponse%3DfVJbS8MwFP4rJe82l65bG7aBqMhgKjjxwZdxlpxqpU1CTwr7%252BWYd3kB8CeRLvltOlgR9F%252FTWv%252FoxPiIF7wizY9850tPRio2D0x6oJe2gR9LR6N3l3VarXOgw%252BOiN79gPyv8MIMIhtt6xbHO9Yvtq1oAVAuYLVatZiQt7kFhKi7WQCpvGlFJVBc5Kw7JnHCgxVywJJTrRiBtHEVxMkJD1hZAXUj6pQguhlXph2TVSbB3EifUWYyDN%252BSFVbbvwnqN1GHNHuQHu8BhN50fLW2fxmIe3wCEE4mPKuz%252F14uelo2TtPp%252Fqya%252FYw%252F3N9uF2c7%252Bf46FGOGBpF0UF86ouxcJUlZQJawzUdWNsIQrJ1suTlp4aDOvPXCcspQk4BaK2Dx1%252BGSve2sB7jGAhwinekv8UWZ4HuYsQR%252Fq9u%252FIWs2foRvx%252FNDTd1rvRGCRifH12%252BBblf32W9Qc%253D%26RelayState%3Dhttps%253A%252F%252Fmy.testsite.org%252Fnextcloud%252Findex.php%252Fapps%252Fuser_saml%252Fsaml%252Fsls HTTP/1.1" 302 - "-" "Mozilla/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1"

10.10.10 - - [11/Jan/2019:19:00:22 -0400] "GET /nextcloud/index.php/apps/user_saml/saml/selectUserBackEnd?redirectUrl=/nextcloud/index.php/apps/user_saml/saml/sls%3FSAMLResponse%3DfVJbS8MwFP4rJe82l65bG7aBqMhgKjjxwZdxlpxqpU1CTwr7%252BWYd3kB8CeRLvltOlgR9F%252FTWv%252FoxPiIF7wizY9850tPRio2D0x6oJe2gR9LR6N3l3VarXOgw%252BOiN79gPyv8MIMIhtt6xbHO9Yvtq1oAVAuYLVatZiQt7kFhKi7WQCpvGlFJVBc5Kw7JnHCgxVywJJTrRiBtHEVxMkJD1hZAXUj6pQguhlXph2TVSbB3EifUWYyDN%252BSFVbbvwnqN1GHNHuQHu8BhN50fLW2fxmIe3wCEE4mPKuz%252F14uelo2TtPp%252Fqya%252FYw%252F3N9uF2c7%252Bf46FGOGBpF0UF86ouxcJUlZQJawzUdWNsIQrJ1suTlp4aDOvPXCcspQk4BaK2Dx1%252BGSve2sB7jGAhwinekv8UWZ4HuYsQR%252Fq9u%252FIWs2foRvx%252FNDTd1rvRGCRifH12%252BBblf32W9Qc%253D%26RelayState%3Dhttps%253A%252F%252Fmy.testsite.org%252Fnextcloud%252Findex.php%252Fapps%252Fuser_saml%252Fsaml%252Fsls HTTP/1.1" 200 9474 "-" "Mozilla/5.0 (iPad; CPU OS 12_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1"

Read the other suggestions for the one line patch with ‘@’ in it and applied that with no change. This has been shown not to work on three different installs and over the three latest versions 13, 14 and 15.

Any suggestions to get SAML back in action on IOS appreciated :grinning:.

Thanks,
JES


#2

Well, 15.0.2 released yesterday fixes this for me. Sorry I did not see that release. Maybe if anyone on any of the versions has this problem they can see this ticket and know it was fixed, at least for me, in 15.0.2.

Problem solved!