
Application authtoken expires when user_saml is enabled

Open mndeveloper opened this issue 4 years ago • 0 comments

Hi,

I use Nextcloud and LDAP as user backend and Shibboleth with user_saml. This works fine in the browser BUT NOT on the Android app in conjunction with the scanned QR-code.

Steps to reproduce

  1. with LDAP and user_saml enabled
  2. go to settings -> security -> create new -> scan QR-code with NC App
  3. wait ... 30~60 minutes
  4. login in app will fail

Expected behaviour

NC app login should be working without expiration

Actual behaviour

NC app fails to synchronize; this also applies to the notes app (if it is connected with the NC app)

Server configuration

Operating system: openSUSE Tumbleweed 20210910

Web server: Apache 2.4.49

Database: MariaDB 10.5.10

PHP version: php-fpm 7.4.23

Nextcloud version: 21.0.4

Where did you install Nextcloud from: website / tgz

List of activated apps:

Enabled:
  - accessibility: 1.7.0
  - activity: 2.14.3
  - admin_audit: 1.11.0
  - apporder: 0.13.0
  - audioplayer: 3.2.2
  - bookmarks: 10.0.0
  - bruteforcesettings: 2.2.0
  - calendar: 2.3.4
  - circles: 0.21.4
  - cloud_federation_api: 1.4.0
  - comments: 1.11.0
  - contacts: 4.0.3
  - contactsinteraction: 1.2.0
  - dashboard: 7.1.0
  - dav: 1.17.1
  - deck: 1.4.5
  - federatedfilesharing: 1.11.0
  - federation: 1.11.0
  - files: 1.16.0
  - files_antivirus: 3.2.2
  - files_pdfviewer: 2.1.0
  - files_rightclick: 1.0.0
  - files_sharing: 1.13.1
  - files_trackdownloads: 1.10.0
  - files_trashbin: 1.11.0
  - files_versions: 1.14.0
  - files_videoplayer: 1.10.0
  - firstrunwizard: 2.10.0
  - impersonate: 1.8.0
  - logreader: 2.6.0
  - lookup_server_connector: 1.9.0
  - mail: 1.10.5
  - nextcloud_announcements: 1.10.0
  - notes: 4.1.1
  - notifications: 2.9.0
  - oauth2: 1.9.0
  - password_policy: 1.11.0
  - passwords: 2021.9.20
  - photos: 1.3.0
  - polls: 3.2.0
  - privacy: 1.5.0
  - provisioning_api: 1.11.0
  - recommendations: 1.0.0
  - richdocuments: 4.2.3
  - serverinfo: 1.11.0
  - settings: 1.3.0
  - sharebymail: 1.11.0
  - sharelisting: 1.0.0
  - spreed: 11.3.2
  - support: 1.4.0
  - survey_client: 1.9.0
  - systemtags: 1.11.0
  - tasks: 0.14.2
  - text: 3.2.0
  - theming: 1.12.0
  - twofactor_backupcodes: 1.10.0
  - updatenotification: 1.11.0
  - user_ldap: 1.11.0
  - user_status: 1.1.1
  - viewer: 1.5.0
  - weather_status: 1.1.0
  - workflowengine: 2.3.0
Disabled:
  - encryption
  - files_external
  - user_saml

Nextcloud configuration:

{
    "system": {
        "debug": false,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.metrinomics.net"
        ],
        "activity_expire_days": 365,
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "21.0.4.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "default_language": "de",
        "default_phone_region": "DE",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "PLAIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpsecure": "tls",
        "simpleSignUpLink.shown": false,
        "ldapIgnoreNamingRules": false,
        "enable_previews": true,
        "preview_libreoffice_path": "\/usr\/lib64\/libreoffice\/program",
        "preview_office_cl_parameters": "--headless --nologo --nofirststartwizard --invisible --norestore -convert-to pdf -outdir",
        "maintenance": false,
        "secret": "***REMOVED SENSITIVE VALUE***",
        "loglevel": 1,
        "trashbin_retention_obligation": "auto",
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "overwrite.cli.url": "https:\/\/cloud.metrinomics.net",
        "theme": "",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "dbindex": 0,
            "timeout": 1.5,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "mysql.utf8mb4": true,
        "app_install_overwrite": [
            "calendar"
        ],
        "updater.release.channel": "stable",
        "encryption.legacy_format_support": false,
        "encryption.key_storage_migrated": false,
        "mail_sendmailmode": "smtp"
    }
}

Client configuration

Browser: Firefox, but I think we need to know the Nextcloud app version 3.17.0

Operating system: Android 8 ~ 10

Logs

 "Exception": "OC\\Authentication\\Exceptions\\InvalidTokenException",
 "Message": "Token does not exist",
 "Code": 0,

{
  "reqId": "1pAiHhXpIN0xb3h73Ewj",
  "level": 2,
  "time": "2021-09-30T05:32:26+00:00",
  "remoteAddr": "IP-ADDR",
  "user": "--",
  "app": "core",
  "method": "PROPFIND",
  "url": "/remote.php/webdav/",
  "message": "Login failed: 'eae4e038-40bf-1030-95a8-4387be8d2cbf' (Remote IP: 'IP-ADDR')",
  "userAgent": "Mozilla/5.0 (Android) Nextcloud-android/3.17.0",
  "version": "21.0.4.1"
}
{
  "reqId": "1pAiHhXpIN0xb3h73Ewj",
  "level": 1,
  "time": "2021-09-30T05:32:26+00:00",
  "remoteAddr": "IP-ADDR",
  "user": "--",
  "app": "core",
  "method": "PROPFIND",
  "url": "/remote.php/webdav/",
  "message": "Bruteforce attempt from \"IP-ADDR\" detected for action \"login\".",
  "userAgent": "Mozilla/5.0 (Android) Nextcloud-android/3.17.0",
  "version": "21.0.4.1"
}

mndeveloper, Sep 30 '21 06:09
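
Added example, not part of the original issue: a small triage script for log entries like the two posted above. It groups `nextcloud.log` JSON lines by `reqId` and counts, per login name and user agent, how many failed logins were also recorded by brute-force protection; the one-entry-per-line input format, the function names and every sample entry marked constructed are assumptions.

```python
import json
import re
from collections import defaultdict

LOGIN_FAILED = re.compile(r"^Login failed: '([^']*)'")
BRUTEFORCE = re.compile(r'^Bruteforce attempt from "[^"]*" detected for action "login"')

def triage(log_lines):
    """Summarise failed logins per (login, userAgent) from nextcloud.log JSON lines."""
    requests = {}  # reqId -> facts gathered from every entry of that request
    for raw in log_lines:
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if not isinstance(entry, dict) or not isinstance(entry.get("message"), str):
            continue  # non-string message (e.g. a structured exception entry): skip
        req = requests.setdefault(entry.get("reqId"), {"login": None, "throttled": False})
        failed = LOGIN_FAILED.match(entry["message"])
        if failed:
            req.update(login=failed.group(1), ua=entry.get("userAgent"),
                       time=str(entry.get("time", "")))
        elif BRUTEFORCE.match(entry["message"]):
            req["throttled"] = True  # same request was counted by brute-force protection
    summary = defaultdict(lambda: {"failures": 0, "bruteforce_hits": 0, "times": []})
    for req in requests.values():
        if req["login"] is None:
            continue  # request never logged a failed login
        row = summary[(req["login"], req["ua"])]
        row["failures"] += 1
        row["bruteforce_hits"] += int(req["throttled"])
        row["times"].append(req["time"])
    for row in summary.values():
        row["times"].sort()  # ISO-8601 strings with one UTC offset sort chronologically
    return dict(summary)

# Sample input: the first two entries use values from the log above; the rest are constructed.
UA = "Mozilla/5.0 (Android) Nextcloud-android/3.17.0"
LOGIN = "eae4e038-40bf-1030-95a8-4387be8d2cbf"
def _line(req_id, time, message):
    return json.dumps({"reqId": req_id, "time": time, "message": message, "userAgent": UA})

SAMPLE = [
    _line("1pAiHhXpIN0xb3h73Ewj", "2021-09-30T05:32:26+00:00", f"Login failed: '{LOGIN}' (Remote IP: 'IP-ADDR')"),
    _line("1pAiHhXpIN0xb3h73Ewj", "2021-09-30T05:32:26+00:00", 'Bruteforce attempt from "IP-ADDR" detected for action "login".'),
    _line("constructed-req-2", "2021-09-30T05:47:26+00:00", f"Login failed: '{LOGIN}' (Remote IP: 'IP-ADDR')"),
    _line("constructed-req-2", "2021-09-30T05:47:26+00:00", 'Bruteforce attempt from "IP-ADDR" detected for action "login".'),
    _line("constructed-req-3", "2021-09-30T05:47:27+00:00", {"Exception": "constructed", "Message": "Token does not exist"}),
    '{"reqId": "constructed-truncated',
]
```

Calling `triage(SAMPLE)` returns one row keyed by the login name and the Android client's user agent; a row where `bruteforce_hits` equals `failures` for a single client means each retry from that client is being counted against its address by brute-force protection.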