Username limited to 64 characters
Steps to reproduce
- On the IdP, define an attribute whose value is longer than 64 characters
- Set up SSO with SAML in Nextcloud and use the attribute defined in step 1 as the UID mapping
- Try to log in via SSO
Expected behaviour
Successful login
Actual behaviour
HTTP 500 Internal Server Error; the user is not logged in, and the logs contain the following errors:
{"reqId":"JUCv9RMwhCxuu5VqKpD7","level":3,"time":"2018-12-17T12:55:18+00:00","remoteAddr":"<......>","user":"--","app":"index","method":"POST","url":"/index.php/apps/user_saml/saml/acs","message":{"Exception":"OC\\User\\NoUserException","Message":"Backends provided no user object","Code":0,"Trace":[{"function":"getUserFolder","class":"OC\\Files\\Node\\Root","type":"->","args":["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com"]},{"file":"/opt/nextcloud/lib/private/Files/Node/LazyRoot.php","line":64,"function":"call_user_func_array","args":[[{"__class__":"OC\\Files\\Node\\Root"},"getUserFolder"],["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com"]]},{"file":"/opt/nextcloud/lib/private/Files/Node/LazyRoot.php","line":281,"function":"__call","class":"OC\\Files\\Node\\LazyRoot","type":"->","args":["getUserFolder",["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com"]]},{"file":"/opt/nextcloud/lib/private/Server.php","line":1389,"function":"getUserFolder","class":"OC\\Files\\Node\\LazyRoot","type":"->","args":["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com"]},{"file":"/opt/nextcloud/apps/user_saml/lib/UserBackend.php","line":151,"function":"getUserFolder","class":"OC\\Server","type":"->","args":["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com"]},{"file":"/opt/nextcloud/apps/user_saml/lib/Controller/SAMLController.php","line":151,"function":"createUserIfNotExists","class":"OCA\\User_SAML\\UserBackend","type":"->","args":["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com",{"urn:oid:0.9.2342.19200300.100.1.1":["user"],"urn:oid:0.9.2342.19200300.100.1.3":["[email 
protected]"],"urn:oid:2.5.4.4":["user"],"urn:oid:2.5.4.42":["some"],"urn:oasis:names:tc:SAML:attribute:subject-id":["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com"],"urn:oid:1.3.9999.2.3":["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com"]}]},{"file":"/opt/nextcloud/apps/user_saml/lib/Controller/SAMLController.php","line":272,"function":"autoprovisionIfPossible","class":"OCA\\User_SAML\\Controller\\SAMLController","type":"->","args":[{"urn:oid:0.9.2342.19200300.100.1.1":["user"],"urn:oid:0.9.2342.19200300.100.1.3":["[email protected]"],"urn:oid:2.5.4.4":["user"],"urn:oid:2.5.4.42":["some"],"urn:oasis:names:tc:SAML:attribute:subject-id":["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com"],"urn:oid:1.3.9999.2.3":["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com"]}]},{"file":"/opt/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":166,"function":"assertionConsumerService","class":"OCA\\User_SAML\\Controller\\SAMLController","type":"->","args":[]},{"file":"/opt/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":99,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\User_SAML\\Controller\\SAMLController"},"assertionConsumerService"]},{"file":"/opt/nextcloud/lib/private/AppFramework/App.php","line":118,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\User_SAML\\Controller\\SAMLController"},"assertionConsumerService"]},{"file":"/opt/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\User_SAML\\Controller\\SAMLController","assertionConsumerService",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"user_saml.SAML.assertionConsumerService"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","ar
gs":[{"_route":"user_saml.SAML.assertionConsumerService"}]},{"file":"/opt/nextcloud/lib/private/Route/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"user_saml.SAML.assertionConsumerService"}]},{"file":"/opt/nextcloud/lib/base.php","line":987,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/user_saml/saml/acs"]},{"file":"/opt/nextcloud/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/opt/nextcloud/lib/private/Files/Node/Root.php","Line":368,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36","version":"15.0.0.10","id":"5c179cbab3fea"}
{"reqId":"JUCv9RMwhCxuu5VqKpD7","level":3,"time":"2018-12-17T12:55:18+00:00","remoteAddr":"......","user":"--","app":"files","method":"POST","url":"/index.php/apps/user_saml/saml/acs","message":"Backends provided no user object for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36","version":"15.0.0.10","id":"5c179cbab413d"}
Server configuration
Operating system: Debian 9
Web server: Apache2.4
Database: MariaDB 10.1
PHP version: 7.0.33
Nextcloud version: 15.0
Where did you install Nextcloud from: zip-file
List of activated apps:
Enabled:
- accessibility: 1.1.0
- activity: 2.8.2
- cloud_federation_api: 0.1.0
- comments: 1.5.0
- dav: 1.8.0
- federatedfilesharing: 1.5.0
- federation: 1.5.0
- files: 1.10.0
- files_pdfviewer: 1.4.0
- files_sharing: 1.7.0
- files_texteditor: 2.7.0
- files_trashbin: 1.5.0
- files_versions: 1.8.0
- files_videoplayer: 1.4.0
- firstrunwizard: 2.4.0
- gallery: 18.2.0
- logreader: 2.0.0
- lookup_server_connector: 1.3.0
- nextcloud_announcements: 1.4.0
- notifications: 2.3.0
- oauth2: 1.3.0
- password_policy: 1.5.0
- provisioning_api: 1.5.0
- serverinfo: 1.5.0
- sharebymail: 1.5.0
- support: 1.0.0
- survey_client: 1.3.0
- systemtags: 1.5.0
- theming: 1.6.0
- twofactor_backupcodes: 1.4.1
- updatenotification: 1.5.0
- user_saml: 2.1.0
- workflowengine: 1.5.0
Disabled:
- admin_audit
- encryption
- files_external
- user_external
- user_ldap
Nextcloud configuration:
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"something.somthing"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "15.0.0.10",
"overwrite.cli.url": "https:\/\/something.somthing",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"maintenance": false,
"force_language": "en",
"updater.release.channel": "beta",
"updater.secret": "***REMOVED SENSITIVE VALUE***",
"loglevel": 2
}
}
Client configuration
Browser: Chrome/Firefox
Operating system: Win10
There is also a draft for a new SAML attribute, urn:oasis:names:tc:SAML:attribute:subject-id (https://docs.oasis-open.org/security/saml-subject-id-attr/v1.0/saml-subject-id-attr-v1.0.pdf), which explicitly allows up to 127 ASCII characters as a unique identifier.
The standard has now left draft status: https://docs.oasis-open.org/security/saml-subject-id-attr/v1.0/saml-subject-id-attr-v1.0.html
In Nextcloud, (user) IDs are limited to 64 characters, so this is not a limitation of this app but of the server itself.