User_saml under nextcloud 13 + CAS "401 Unauthorized"


I’m attempting to use user_saml with NextCloud 13 and I want to integrate our user-login with CAS server (we use Jasig CAS as CAS service).

I use below link to config NextCloud with Apache CAS module on CentOS 7:

Before using CAS, I used OpenLDAP as user-login data source and all users were able to log in without any problem. Our CAS server use that OpenLDAP as user backend.

Current state:

  • Go to NextCloud URL
  • Get redirected to CAS login screen
  • successful login
  • Get redirected to index.php/login and NextCloud shows HTTP 401 error:

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn’t understand how to supply the credentials required.

I don’t know why this happens. My settings are as follows:

NextCloud OpenLDAP Config:

"user_ldap": {
        "_lastChange": "1527840328",
        "cleanUpJobOffset": "0",
        "enabled": "yes",
        "installed_version": "1.3.1",
        "ldap_agent_password": "***REMOVED SENSITIVE VALUE***",
        "ldap_base": "ou=People,dc=domain,dc=com",
        "ldap_base_groups": "ou=People,dc=domain,dc=com",
        "ldap_base_users": "ou=People,dc=domain,dc=com",
        "ldap_configuration_active": "1",
        "ldap_display_name": "cn",
        "ldap_dn": "cn=ldap_user,ou=People,dc=domain,dc=com",
        "ldap_email_attr": "mail",
        "ldap_expert_username_attr": "uid",
        "ldap_group_filter": "",
        "ldap_host": "",
        "ldap_login_filter": "(&(uid=%uid)(dcAccountstatus=Active))",
        "ldap_login_filter_mode": "1",
        "ldap_loginfilter_username": "0",
        "ldap_port": "389",
        "ldap_user_filter_mode": "1",
        "ldap_userfilter_objectclass": "dcMailUser\nposixAccount",
        "ldap_userlist_filter": "(|(objectclass=dcMailUser)(objectclass=posixAccount))",
        "types": "authentication"

NextCloud user_saml config:

"user_saml": {
        "enabled": "yes",
        "general-allow_multiple_user_back_ends": "0",
        "general-require_provisioned_account": "0",
        "general-uid_mapping": "HTTP_CAS_USER",
        "installed_version": "1.5.0",
        "type": "environment-variable",
        "types": "authentication"

Apache mod_auth_cas under vhost section:

CASVersion 2
    CASTimeout 28800

    <Location "/index.php/login">
            AuthType CAS
            AuthName "CAS Authentication"
            require valid-user

    <Location "/index.php/apps/user_saml/saml/login">
            AuthType CAS
            AuthName "CAS Authentication"
            require valid-user

I changed below setting on user_saml to 1 but the result was the same:

"general-allow_multiple_user_back_ends": "0",
 "general-require_provisioned_account": "0",

I don’t know it’s bug or some problem on my configuration. After searching a lot I cloud not find the right answer.

No answer after few weeks?