Keen to try out the new SAML integration, I went ahead and enabled and configured the app.
After putting in the right URLs and the public certificate, the metadata generates properly.
Added Nextcloud as an SP to PHPSimpleSAML, as I've done for many other applications.
When accessing the Nextcloud URL, I get a nice redirect, but no (SAML) login request. The server only shows a 500 error; see the following lines from the webserver log:
IP - - [06/Jul/2016:14:02:39 +0200] "GET /apps/user_saml/js/preauth.js HTTP/1.1" 200 185 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0"
IP - - [06/Jul/2016:14:02:39 +0200] "GET /index.php/apps/theming/styles.css?v=0 HTTP/1.1" 500 9185 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0"
IP - - [06/Jul/2016:14:02:39 +0200] "GET /index.php/apps/user_saml/saml/login?requesttoken=JygLViwHT3dhHUMCGnEzHU4tGigPeA4GMmwxQgtBLy4%3D%3AEp82Brd9Q225M6TJ6yikw%2Fa4HTpra4Mgx6tpNg8twqc%3D HTTP/1.1" 500 9185 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0"
IP - - [06/Jul/2016:14:02:40 +0200] "GET /index.php/apps/theming/styles.css?v=0 HTTP/1.1" 500 9185 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0"
So it doesn't even get to the SAML request.
Also, when I try to get the metadata file (https://DOMAIN/index.php/apps/user_saml/saml/metadata) as an unauthenticated user, I get the above problem.
When I try to get this file as an already authenticated user (authenticated before user_saml was enabled), I can actually get this file.
Final remark: the user_ldap module is enabled as well. I'm not sure if that should lead to problems, but I think user_saml and user_ldap should co-exist, as they have different uses.
I've seen this topic, but it doesn't really seem to be the same problem: How does the user_saml app work?
Is what I describe a known problem, or just a (possibly stupid) configuration error?
Can you share your complete configuration with us as well as your Nextcloud and PHP error log? That may help.
Also you may need to apply https://github.com/nextcloud/user_saml/pull/20. Seems like a small problem sneaked in that made it incompatible with some DBs.
Sorry for that!
You're of course right.
nextcloud.log (this actually shows up twice per 'try'):
{
"reqId": "V3zzX2ycOl-Hp7R5dfiyjQAAAAM",
"remoteAddr": "IP",
"app": "index",
"message": "Exception: {"Exception":"Doctrine\\DBAL\\Exception\\InvalidFieldNameException","Message":"An exception occurred while executing 'SELECT token
FROM oc_user_saml_users
WHERE uid
= ? LIMIT 1' with params [null]:\n\nSQLSTATE[42S22]: Column not found: 1054 Unknown column 'token' in 'field list'","Code":0,"Trace":"#0 \/var\/www\/html\/nextcloud-9.0.52\/3rdparty\/doctrine\/dbal\/lib\/Doctrine\/DBAL\/DBALException.php(116): Doctrine\\DBAL\\Driver\\AbstractMySQLDriver->convertException('An exception oc…', Object(Doctrine\\DBAL\\Driver\\PDOException))\n#1 \/var\/www\/html\/nextcloud-9.0.52\/3rdparty\/doctrine\/dbal\/lib\/Doctrine\/DBAL\/Connection.php(836): Doctrine\\DBAL\\DBALException::driverExceptionDuringQuery(Object(Doctrine\\DBAL\\Driver\\PDOMySql\\Driver), Object(Doctrine\\DBAL\\Driver\\PDOException), 'SELECT token
…', Array)\n#2 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/db\/connection.php(184): Doctrine\\DBAL\\Connection->executeQuery('SELECT token
…', Array, Array, NULL)\n#3 \/var\/www\/html\/nextcloud-9.0.52\/3rdparty\/doctrine\/dbal\/lib\/Doctrine\/DBAL\/Query\/QueryBuilder.php(206): OC\\DB\\Connection->executeQuery('SELECT token
…', Array, Array)\n#4 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/db\/querybuilder\/querybuilder.php(141): Doctrine\\DBAL\\Query\\QueryBuilder->execute()\n#5 \/var\/www\/html\/nextcloud-9.0.52\/apps\/user_saml\/lib\/userbackend.php(74): OC\\DB\\QueryBuilder\\QueryBuilder->execute()\n#6 \/var\/www\/html\/nextcloud-9.0.52\/apps\/user_saml\/lib\/userbackend.php(206): OCA\\User_SAML\\UserBackend->userExistsInDatabase(NULL)\n#7 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/user\/manager.php(138): OCA\\User_SAML\\UserBackend->userExists(NULL)\n#8 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/group.php(130): OC\\User\\Manager->get(NULL)\n#9 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/user.php(363): OC_Group::inGroup(NULL, 'admin')\n#10 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/appframework\/dependencyinjection\/dicontainer.php(416): OC_User::isAdminUser(NULL)\n#11 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/appframework\/dependencyinjection\/dicontainer.php(331): OC\\AppFramework\\DependencyInjection\\DIContainer->isAdminUser()\n#12 \/var\/www\/html\/nextcloud-9.0.52\/3rdparty\/pimple\/pimple\/src\/Pimple\/Container.php(113): OC\\AppFramework\\DependencyInjection\\DIContainer->OC\\AppFramework\\DependencyInjection\\{closure}(Object(OC\\AppFramework\\DependencyInjection\\DIContainer))\n#13 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/appframework\/dependencyinjection\/dicontainer.php(356): Pimple\\Container->offsetGet('SecurityMiddlew…')\n#14 \/var\/www\/html\/nextcloud-9.0.52\/3rdparty\/pimple\/pimple\/src\/Pimple\/Container.php(113): OC\\AppFramework\\DependencyInjection\\DIContainer->OC\\AppFramework\\DependencyInjection\\{closure}(Object(OC\\AppFramework\\DependencyInjection\\DIContainer))\n#15 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/appframework\/dependencyinjection\/dicontainer.php(311): Pimple\\Container->offsetGet('MiddlewareDispa…')\n#16 \/var\/www\/html\/nextcloud-9.0.52\/3rdparty\/pimple\/pimple\/src\/Pimple\/Container.php(113): OC\\AppFramework\\DependencyInjection\\DIContainer->OC\\AppFramework\\DependencyInjection\\{closure}(Object(OC\\AppFramework\\DependencyInjection\\DIContainer))\n#17 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/appframework\/app.php(102): Pimple\\Container->offsetGet('Dispatcher')\n#18 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/appframework\/routing\/routeactionhandler.php(45): OC\\AppFramework\\App::main('SAMLController', 'login', Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#19 [internal function]: OC\\AppFramework\\routing\\RouteActionHandler->__invoke(Array)\n#20 \/var\/www\/html\/nextcloud-9.0.52\/lib\/private\/route\/router.php(276): call_user_func(Object(OC\\AppFramework\\routing\\RouteActionHandler), Array)\n#21 \/var\/www\/html\/nextcloud-9.0.52\/lib\/base.php(967): OC\\Route\\Router->match('\/apps\/user_saml…')\n#22 \/var\/www\/html\/nextcloud-9.0.52\/index.php(39): OC::handleRequest()\n#23 {main}","File":"\/var\/www\/html\/nextcloud-9.0.52\/3rdparty\/doctrine\/dbal\/lib\/Doctrine\/DBAL\/Driver\/AbstractMySQLDriver.php","Line":71}",
"level": 3,
"time": "2016-07-06T12:02:40+00:00",
"method": "GET",
"url": "/index.php/apps/user_saml/saml/login?requesttoken=JygLViwHT3dhHUMCGnEzHU4tGigPeA4GMmwxQgtBLy4%3D%3AEp82Brd9Q225M6TJ6yikw%2Fa4HTpra4Mgx6tpNg8twqc%3D",
"user": "--"
}
The user_saml config:
"user_saml","enabled","yes"
"user_saml","general-require_provisioned_account","0"
"user_saml","general-uid_mapping","saml:AttributeNameID"
"user_saml","idp-entityId","https://IDP/saml/saml2/idp/metadata.php"
"user_saml","idp-singleLogoutService.url","https://IDP/saml/saml2/idp/SingleLogoutService.php"
"user_saml","idp-singleSignOnService.url","https://IDP/saml/saml2/idp/SSOService.php"
"user_saml","idp-x509cert","-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----"
"user_saml","installed_version","1.0.1"
"user_saml","security-authnRequestsSigned","0"
"user_saml","security-logoutRequestSigned","0"
"user_saml","security-logoutResponseSigned","0"
"user_saml","security-nameIdEncrypted","1"
"user_saml","security-wantAssertionsEncrypted","0"
"user_saml","security-wantAssertionsSigned","1"
"user_saml","security-wantMessagesSigned","0"
"user_saml","security-wantNameId","0"
"user_saml","security-wantNameIdEncrypted","0"
"user_saml","security-wantXMLValidation","0"
"user_saml","types","authentication"
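The nextcloud.log entry above is the kind of thing a maintainer asks for, and the useful parts (exception class, SQLSTATE, the missing column, the first frame inside the app) are buried in a JSON string nested inside a JSON string. As an added example, not from the thread or the Nextcloud project, here is a small Python triage script that reads nextcloud.log lines in that shape and pulls those parts out. The sample entry is constructed to mirror the quoted log, with the trace shortened and the request token replaced by a placeholder; field names (reqId, message, url, level) are the ones visible in the post.

```python
"""Triage Nextcloud's JSON log (nextcloud.log, one JSON object per line).

Nextcloud 9 writes an uncaught exception as the string
"Exception: {...}" in the "message" field, where the {...} is itself
JSON with Exception / Message / Code / Trace / File / Line keys.
"""
import json
import re

# Constructed sample in the shape of the entry quoted in the thread
# (trace shortened, request token replaced); not taken from a real system.
SAMPLE_LOG = "\n".join([
    json.dumps({
        "reqId": "REQ-1", "remoteAddr": "IP", "app": "index",
        "message": "Exception: " + json.dumps({
            "Exception": "Doctrine\\DBAL\\Exception\\InvalidFieldNameException",
            "Message": "An exception occurred while executing 'SELECT token FROM "
                       "oc_user_saml_users WHERE uid = ? LIMIT 1' with params [null]:"
                       "\n\nSQLSTATE[42S22]: Column not found: 1054 Unknown column "
                       "'token' in 'field list'",
            "Code": 0,
            "Trace": "#0 /var/www/html/nextcloud/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/"
                     "DBALException.php(116): Doctrine\\DBAL\\Driver\\AbstractMySQLDriver"
                     "->convertException('An exception oc...', Object(PDOException))\n"
                     "#5 /var/www/html/nextcloud/apps/user_saml/lib/userbackend.php(74): "
                     "OC\\DB\\QueryBuilder\\QueryBuilder->execute()\n"
                     "#6 /var/www/html/nextcloud/apps/user_saml/lib/userbackend.php(206): "
                     "OCA\\User_SAML\\UserBackend->userExistsInDatabase(NULL)\n"
                     "#23 {main}",
            "File": "/var/www/html/nextcloud/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/"
                    "Driver/AbstractMySQLDriver.php",
            "Line": 71,
        }),
        "level": 3, "time": "2016-07-06T12:02:40+00:00", "method": "GET",
        "url": "/index.php/apps/user_saml/saml/login?requesttoken=REQUESTTOKEN_PLACEHOLDER",
        "user": "--",
    }),
    # An ordinary, non-exception entry that the triage must skip.
    json.dumps({"reqId": "REQ-2", "remoteAddr": "IP", "app": "core",
                "message": "Login successful", "level": 1,
                "time": "2016-07-06T12:03:00+00:00", "method": "GET",
                "url": "/", "user": "alice"}),
])

SQLSTATE_RE = re.compile(r"SQLSTATE\[(?P<sqlstate>\w+)\]")
COLUMN_RE = re.compile(r"Unknown column '(?P<column>[^']+)' in '(?P<where>[^']+)'")
# First stack frame that lives inside an app directory, e.g. apps/user_saml/lib/userbackend.php(74)
APP_FRAME_RE = re.compile(r"/apps/(?P<app>[^/]+)/(?P<path>\S+?)\((?P<line>\d+)\)")


def parse_exception(message):
    """Return the nested exception object from an 'Exception: {...}' message, else None."""
    prefix = "Exception: "
    if not message.startswith(prefix):
        return None
    try:
        return json.loads(message[len(prefix):])
    except json.JSONDecodeError:
        return None


def triage_entry(entry):
    """Summarise one parsed log entry; None when it carries no exception."""
    exc = parse_exception(entry.get("message", ""))
    if exc is None:
        return None
    text = exc.get("Message", "")
    result = {
        "reqId": entry.get("reqId"),
        "url": entry.get("url"),
        "exception": exc.get("Exception"),
        "sqlstate": None,
        "missing_column": None,
        "app": None,
        "app_frame": None,
        "schema_drift": False,
    }
    if (m := SQLSTATE_RE.search(text)):
        result["sqlstate"] = m.group("sqlstate")
    if (m := COLUMN_RE.search(text)):
        result["missing_column"] = m.group("column")
    if (m := APP_FRAME_RE.search(exc.get("Trace", ""))):
        result["app"] = m.group("app")
        result["app_frame"] = "apps/%s/%s:%s" % (m.group("app"), m.group("path"), m.group("line"))
    # SQLSTATE 42S22 ("column not found") means the app's code and the DB schema
    # disagree: typically a migration that did not run or a broken schema update.
    result["schema_drift"] = result["sqlstate"] == "42S22"
    return result


def triage_log(text):
    """Parse every JSON line of a nextcloud.log dump and return the exception summaries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # partial or non-JSON line; skip rather than abort the whole run
        summary = triage_entry(entry)
        if summary is not None:
            summary["line"] = lineno
            findings.append(summary)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f)
```

Run against a real dump, the one-line summary per request (exception class, SQLSTATE, column, in-app frame) is what to paste into a bug report instead of the raw trace; the `schema_drift` flag singles out the "column not found" case that, in this thread, pointed at the app's database schema rather than at the SAML configuration.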
This specific error should be fixed by https://github.com/nextcloud/user_saml/pull/20; can you retry with that patch applied? That would be much appreciated!
Saw your message right after I posted it.
This fixes the problem. Thanks!
Great!
If you have any feature requests or bug reports, please file them at Issues · nextcloud/user_saml · GitHub. That would be very helpful.