Nextcloud version: 12.0.0
Operating system and version: Ubuntu Server
Apache or nginx version (eg, Apache 2.4.25): 16.04.2_amd64
PHP version: 7.0.18
Is this the first time you’ve seen this error?: No
Can you reliably replicate it? (If so, please outline steps):
- Login using LDAPUser
- Connects fine
- Go into apps and enable User_SAML
- Connect to NextCloud and get forwarded to IDP for login
- Login using same account
- Get error: Account not provisioned. Your account is not provisioned, access to this service is thus not possible.
The issue you are facing:
I am trying to configure Centrify IDP for SAML authentication and while I know Centrify isn’t officially supported, SAML is SAML and should be able to work. We have LDAP configured through Active Directory and the authentication works fine using the SamAccountName. I currently have the Uuid set up as the “Username” when I view users in NextCloud but have also changed it to the SamAccountName name with the same issue. When sending the SAML assertion the ID is passed as:
In NextCloud I have the “Attribute to map the uuid to” set to “urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified” and have verified the uuid being passed matches the account “Username” in “Users” within NextCloud.
Any ideas on what could be causing the issue? Thanks!
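
A diagnostic for the setup described in the post above, as an added example that is not part of the original post: it lists the NameID, its Format and the Attribute names an assertion carries, then checks whether a configured mapping name matches any of them. The sample assertion is constructed, the function names are hypothetical, and looking the mapping up among Attribute names only is an assumption, not confirmed Nextcloud behaviour.

```python
import xml.etree.ElementTree as ET
# For assertions from an untrusted source, parse with defusedxml instead.

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from the post); all values are placeholders.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="sAMAccountName">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>jdoe@example.test</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def summarize_assertion(xml_text):
    """Return the NameID, its Format, and a dict of attribute name -> values."""
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return {
        "name_id": None if name_id is None else (name_id.text or "").strip(),
        "name_id_format": None if name_id is None else name_id.get("Format"),
        "attributes": attrs,
    }

def resolve_mapping(summary, mapping_name):
    """Assumed lookup: match the configured name against Attribute names only."""
    values = summary["attributes"].get(mapping_name)
    return values[0] if values else None

if __name__ == "__main__":
    s = summarize_assertion(SAMPLE_ASSERTION)
    print("NameID:", s["name_id"], "| Format:", s["name_id_format"])
    for candidate in (s["name_id_format"], *s["attributes"]):
        print(candidate, "->", resolve_mapping(s, candidate))
```

Running it against an assertion captured from the IdP shows which names are available to map and whether the configured value is one of them.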