Nextcloud 20.0.0:
Ubuntu 18.04 + Docker
nginx 1.19.3
PHP 7.4.11
Hi,
I am trying to enable SSO on my clean Nextcloud installation. I am using a Keycloak server in order to centrally authenticate users imported from an LDAP (authentication in Keycloak is working properly).
I get an error about X.509 cert handling which prevents authentication:
[PHP] Error: Error: openssl_x509_export(): cannot get cert from parameter 1 at /var/www/html/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php#366 at <<closure>>
0. <<closure>>
OC\Log\ErrorHandler::onError(2, "openssl_x509_ex ... 1", "/var/www/html/c ... p", 366, {key: "-----BEGI ... l})
1. /var/www/html/custom_apps/user_saml/3rdparty/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php line 366
openssl_x509_export(false, null)
2. /var/www/html/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Utils.php line 1463
RobRichards\XMLSecLibs\XMLSecurityKey->loadKey("-----BEGIN CERT ... n", false, true)
3. /var/www/html/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Response.php line 426
OneLogin\Saml2\Utils::validateSign(DOMDocument {}, "-----BEGIN CERT ... n", "", "sha1", "/samlp:Response/ds:Signature", ["-----BEGIN CER ... "])
4. /var/www/html/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/src/Saml2/Auth.php line 237
OneLogin\Saml2\Response->isValid("ONELOGIN_80276e ... b")
5. /var/www/html/custom_apps/user_saml/lib/Controller/SAMLController.php line 320
OneLogin\Saml2\Auth->processResponse("ONELOGIN_80276e ... b")
6. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 169
OCA\User_SAML\Controller\SAMLController->assertionConsumerService()
7. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 100
OC\AppFramework\Http\Dispatcher->executeController(OCA\User_SAML\Co ... {}, "assertionConsumerService")
8. /var/www/html/lib/private/AppFramework/App.php line 152
OC\AppFramework\Http\Dispatcher->dispatch(OCA\User_SAML\Co ... {}, "assertionConsumerService")
9. /var/www/html/lib/private/Route/Router.php line 308
OC\AppFramework\App::main("OCA\\User_SAML\ ... r", "assertionConsumerService", OC\AppFramework\ ... {}, {action: null,_r ... "})
10. /var/www/html/lib/base.php line 1009
OC\Route\Router->match("/apps/user_saml/saml/acs")
11. /var/www/html/index.php line 37
OC::handleRequest()
POST /apps/user_saml/saml/acs
from 172.18.0.1 at 2020-10-22T06:29:23+00:00
Here is my Keycloak configuration for the client:
Here is my configuration in Gitlab:
Any ideas?
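
An added diagnostic, not part of the original post and not code from user_saml, php-saml or xmlseclibs: in the trace, `openssl_x509_export()` receives `false` as its first argument, which is the value PHP's `openssl_x509_read()` returns for a string it cannot parse as a certificate (that the value came from that call is an assumption). The script below checks a certificate string both as given and after re-wrapping it as PEM; `normalizePem`, `checkCert` and the sample values are hypothetical names and constructed data.

```php
<?php
// Added diagnostic sketch; not code from user_saml, php-saml or xmlseclibs.

// Strip any armor lines and whitespace, then re-wrap the base64 body at 64 columns.
function normalizePem(string $raw): string
{
    $body = preg_replace('/-----(BEGIN|END) CERTIFICATE-----/', '', $raw);
    $body = preg_replace('/\s+/', '', $body);
    return "-----BEGIN CERTIFICATE-----\n" . chunk_split($body, 64, "\n")
         . "-----END CERTIFICATE-----\n";
}

// Try the value as given, then normalized; report which form OpenSSL accepts.
function checkCert(string $raw): array
{
    foreach (['as given' => $raw, 'normalized' => normalizePem($raw)] as $form => $pem) {
        $cert = @openssl_x509_read($pem);   // false here matches the trace
        if ($cert !== false) {
            $info = openssl_x509_parse($cert);
            return ['ok' => true, 'form' => $form, 'subject' => $info['name'],
                    'notAfter' => gmdate('c', $info['validTo_time_t']),
                    'sha256' => openssl_x509_fingerprint($cert, 'sha256')];
        }
    }
    // Neither form parsed: collect OpenSSL's own error queue for the report.
    $errors = [];
    while (($e = openssl_error_string()) !== false) {
        $errors[] = $e;
    }
    return ['ok' => false, 'errors' => $errors];
}

// Constructed sample: a throwaway self-signed certificate generated locally.
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(['commonName' => 'idp.example.test'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $pem);

$samples = [
    'full PEM'          => $pem,
    'base64 body only'  => preg_replace('/-----[A-Z ]+-----|\s+/', '', $pem),
    'not a certificate' => "-----BEGIN CERTIFICATE-----\nbm90IGEgY2VydA==\n-----END CERTIFICATE-----\n",
];
foreach ($samples as $name => $value) {
    echo $name, ': ', json_encode(checkCert($value)), "\n";
}
```

To test a real value, replace the constructed samples with the IdP certificate string exactly as it is stored in the SAML app settings and compare the reported SHA-256 fingerprint with the one shown for the realm's signing certificate on the IdP side.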