SAML issue with JumpCloud

ℹ️ Support 📦 Appliances (Docker, Snappy, VM, NCP, AIO)
1

Hello I have Jumpcloud SAML IDP and I am trying to configure Nextcloud v14 with that idP.

Now after successful login I am getting the following error.

Account not provisioned. Your account is not provisioned, access to this service is thus not possible.

Here is my Jumpcloud IDP settings

IDP Identity ID = mynextcloud.local
SP Identity ID = https://mynextcloud.local/apps/user_saml/saml/metadata
ACS URL = https://mynextcloud.local/apps/user_saml/saml/acs
SAMLSUBJECT NameID = email
SAMLSUBJECT NameID Format = urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Signature Algorithm = RSA-SHA256
IDP URL = https://jumpcloud.com/saml2/mynextcloud

Here is Nextcloud SP configuration

Attribute to map the uuid to = email
Identifier of the idP entity (must be uri) = mynextcloud.local
URL target of IDP = https://jumpcloud.com/saml2/mynextcloud

Would you please help me how I can fix this issue

2

Here is my Jumpcloud IDP settings

User a SAML 2.0 template not the NextCloud template and fill it in as follows (BTW this is for
Nextcloud 18.0.4 installed via snap on Ubuntu 18.0.4 LTS)

Note to get around the post issue of only 4 urls per post I changed // to slash slash…

IDP Identity ID = JumpCloud
SP Identity ID = https:slash slash mynextcloud.local/index.php/apps/user_saml/saml/metadata
ACS URL = https:slash slash mynextcloud.local/index.php/apps/user_saml/saml/acs
SAMLSUBJECT NameID = username
SAMLSUBJECT NameID Format = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Signature Algorithm = RSA-SHA256
Default RelayState: https: slash slash mynextcloud.local/index.php
IDP URL = https: slash slash jumpcloud.com/saml2/mynextcloud

USER ATTRIBUTE MAPPING:
displayname -> fullname
email -> email
username -> username

Enable the groups attribute and set the field to “memberOf”

Here is Nextcloud SP configuration

Attribute to map the uuid to = username
Identifier of the idP entity (must be uri) = JumpCloud
URL target of IDP = https: slash slash jumpcloud.com/saml2/mynextcloud

Under Show optional Identity Provider settings …
SLO = https:slash slash jumpcloud.com/saml2/mynextcloud
Paste in IdP certificate from JumpCloud

Enter the Attribute mapping
displayname -> displayname
email -> email
groups -> memberOf

Under Show security settings…
Check the first option (logoutRequest)
Check the Last option (ADFS)
The only problem that I’m getting is sometimes if I log out

3

hello

i have put exactly the same but i stil get that the user is not provisioned
i m running nextccloud 21 on kubernetes
i m well authenticated by the jumpcloud SSO
but the thing i dont understand is how jumpcloud can provision user in nextcloud , normaly it should be done by JIT or something like that

For the test i added manualy a user with the same mail but still does not work

thanks so much for your help
i