With SSO enabled you cannot enable apps due to second password prompt #4115

Closed
gregharvey opened this issue Mar 28, 2017 · 4 comments

@gregharvey

gregharvey commented Mar 28, 2017

Steps to reproduce

  1. Configure your server to use the core SSO app (in my case, with a simpleSAMLphp IdP)
  2. Provision an SSO user and make them admin
  3. Using the SSO user try to enable another app

Expected behaviour

I get challenged for my password; I should be able to enter my password and proceed.

Actual behaviour

I enter my password but - presumably because there's no local encrypted copy in the Nextcloud database - authentication fails and I cannot enable another app.

Server configuration

Operating system:

Debian 8

Web server:

Nginx

Database:

Percona

PHP version:

5.6

Nextcloud version: (see Nextcloud admin page)

11.0.2 (stable)

Updated from an older Nextcloud/ownCloud or fresh install:

No.

Where did you install Nextcloud from:

Download page on nextcloud.com.

Signing status:

Signing status
No errors have been found.

List of activated apps:

App list
Enabled:
  - activity: 2.4.1
  - comments: 1.1.0
  - dav: 1.1.1
  - federatedfilesharing: 1.1.1
  - federation: 1.1.1
  - files: 1.6.1
  - files_pdfviewer: 1.0.1
  - files_sharing: 1.1.1
  - files_texteditor: 2.2
  - files_trashbin: 1.1.0
  - files_versions: 1.4.0
  - files_videoplayer: 1.0.0
  - firstrunwizard: 2.0
  - gallery: 16.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.0.0
  - nextcloud_announcements: 1.0
  - notifications: 1.0.1
  - password_policy: 1.1.0
  - provisioning_api: 1.1.0
  - serverinfo: 1.1.1
  - sharebymail: 1.0.1
  - survey_client: 0.1.5
  - systemtags: 1.1.3
  - theming: 1.1.1
  - twofactor_backupcodes: 1.0.0
  - updatenotification: 1.1.1
  - user_saml: 1.2.2
  - workflowengine: 1.1.1
Disabled:
  - admin_audit
  - encryption
  - external
  - files_accesscontrol
  - files_automatedtagging
  - files_external
  - files_retention
  - templateeditor
  - user_external
  - user_ldap

The content of config/config.php:

Config report
{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "nextcloud.codeenigma.net"
        ],
        "datadirectory": "\/var\/www\/nextcloud\/data",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbtype": "mysql",
        "version": "11.0.2.7",
        "dbname": "nextcloud",
        "dbhost": "localhost",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Memcached",
        "memcached_servers": [
            [
                "localhost",
                11211
            ]
        ],
        "instanceid": "oc6gpk2heb50"
    },
    "apps": {
        "activity": {
            "enabled": "yes",
            "installed_version": "2.4.1",
            "types": "filesystem"
        },
        "backgroundjob": {
            "lastjob": "14"
        },
        "comments": {
            "enabled": "yes",
            "installed_version": "1.1.0",
            "types": "logging"
        },
        "core": {
            "installedat": "1490362042.0407",
            "lastcron": "1490698721",
            "lastupdateResult": "[]",
            "lastupdatedat": "1490697217",
            "public_files": "files_sharing\/public.php",
            "public_webdav": "dav\/appinfo\/v1\/publicwebdav.php",
            "shareapi_allow_public_upload": "no",
            "shareapi_allow_share_dialog_user_enumeration": "no",
            "shareapi_default_expire_date": "yes",
            "shareapi_expire_after_n_days": "1",
            "vendor": "nextcloud"
        },
        "dav": {
            "enabled": "yes",
            "installed_version": "1.1.1",
            "types": "filesystem"
        },
        "federatedfilesharing": {
            "enabled": "yes",
            "installed_version": "1.1.1",
            "types": ""
        },
        "federation": {
            "enabled": "yes",
            "installed_version": "1.1.1",
            "types": "authentication"
        },
        "files": {
            "cronjob_scan_files": "500",
            "enabled": "yes",
            "installed_version": "1.6.1",
            "types": "filesystem"
        },
        "files_pdfviewer": {
            "enabled": "yes",
            "installed_version": "1.0.1",
            "ocsid": "166049",
            "types": ""
        },
        "files_sharing": {
            "enabled": "yes",
            "incoming_server2server_share_enabled": "no",
            "installed_version": "1.1.1",
            "outgoing_server2server_share_enabled": "no",
            "types": "filesystem"
        },
        "files_texteditor": {
            "enabled": "yes",
            "installed_version": "2.2",
            "ocsid": "166051",
            "types": ""
        },
        "files_trashbin": {
            "enabled": "yes",
            "installed_version": "1.1.0",
            "types": "filesystem"
        },
        "files_versions": {
            "enabled": "yes",
            "installed_version": "1.4.0",
            "types": "filesystem"
        },
        "files_videoplayer": {
            "enabled": "yes",
            "installed_version": "1.0.0",
            "types": ""
        },
        "firstrunwizard": {
            "enabled": "yes",
            "installed_version": "2.0",
            "types": "logging"
        },
        "gallery": {
            "enabled": "yes",
            "installed_version": "16.0.0",
            "types": ""
        },
        "logreader": {
            "enabled": "yes",
            "installed_version": "2.0.0",
            "ocsid": "170871",
            "types": ""
        },
        "lookup_server_connector": {
            "enabled": "yes",
            "installed_version": "1.0.0",
            "types": "authentication"
        },
        "nextcloud_announcements": {
            "enabled": "yes",
            "installed_version": "1.0",
            "pub_date": "Sat, 10 Dec 2016 00:00:00 +0100",
            "types": "logging"
        },
        "notifications": {
            "enabled": "yes",
            "installed_version": "1.0.1",
            "types": "logging"
        },
        "password_policy": {
            "enabled": "yes",
            "enforceNumericCharacters": "0",
            "enforceUpperLowerCase": "0",
            "installed_version": "1.1.0",
            "minLength": "6",
            "types": ""
        },
        "provisioning_api": {
            "enabled": "yes",
            "installed_version": "1.1.0",
            "types": "prevent_group_restriction"
        },
        "serverinfo": {
            "enabled": "yes",
            "installed_version": "1.1.1",
            "types": ""
        },
        "sharebymail": {
            "enabled": "yes",
            "installed_version": "1.0.1",
            "types": "filesystem"
        },
        "survey_client": {
            "enabled": "yes",
            "installed_version": "0.1.5",
            "types": ""
        },
        "systemtags": {
            "enabled": "yes",
            "installed_version": "1.1.3",
            "types": "logging"
        },
        "theming": {
            "enabled": "yes",
            "installed_version": "1.1.1",
            "types": "logging"
        },
        "twofactor_backupcodes": {
            "enabled": "yes",
            "installed_version": "1.0.0",
            "types": ""
        },
        "updatenotification": {
            "enabled": "yes",
            "installed_version": "1.1.1",
            "types": ""
        },
        "user_saml": {
            "enabled": "yes",
            "general-require_provisioned_account": "0",
            "general-uid_mapping": "uid",
            "general-use_saml_auth_for_desktop": "1",
            "idp-entityId": "https:\/\/login.codeenigma.net\/idp\/saml2\/idp\/metadata.php",
            "idp-singleLogoutService.url": "https:\/\/login.codeenigma.net\/idp\/saml2\/idp\/SingleLogoutService.php",
            "idp-singleSignOnService.url": "https:\/\/login.codeenigma.net\/idp\/saml2\/idp\/SSOService.php",
            "idp-x509cert": "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\/SnhzWbAk0NYE\/dMs6KG84OVyVedvYZWhSWqYSMnYdgJzsEwZlIJySEkPvmGKSQVDaCAnmaBK7gEEpr20JcPrRXIN35ttZJbifkLGTUQ4qxVRkrdeb+8XVCNCUze1Zwq8xtQbdXYVMVXoQQSI46iZhL4CdvOnjZHVYQxEOqizph8KNwhVyWIyrdUvuZ\/Wco1tJ2fZjSZOHSN0V8oKL47gEz50FONzirAnkeuLHnBAB+l54ECICjkek14rz3TJyGq6UucYyc66+9oYlk\/iWfD0hkMckX1IsOkvNG9Env47\/nwIDAQABo1AwTjAdBgNVHQ4EFgQUCZs64XMmZ7Er\/WHDreiy3EmbD9YwHwYDVR0jBBgwFoAUCZs64XMmZ7Er\/WHDreiy3EmbD9YwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQsFAAOCAQEAVOsG7NRmeIY+8D1jICvPsPUjuDmUBTXrI5UBIXt8n5gd3SELM1xv0prrm\/nBI2Pdh7KWd3dSYdPxhCJPuP15seorRoDymvrXDOys91iCnRIN9\/YghdSwBAAzo+UV9anf2tWJTLJkyg0REuVN95503SYS6ELDG1c41N1w2q3IaR866d\/x5nOZN5tMaPQQVHpmGM+0z11U1n2mswjbkltl59jVWiHFHMbskXdp5vpPhVhfb4ELecBKl5gpZj2VByTTc3y7ZCHxTIyZQuKiHBS1co7ROYwut2qsuDhrW4rf29MAR9jkm1DnCPCr7cURtFr3fFV5zvv37hKBZcX35dgsbA==",
            "installed_version": "1.2.2",
            "sp-privateKey": "REDACTED",
            "sp-x509cert": "-----BEGIN CERTIFICATE-----\nMIIDszCCApugAwIBAgIJAIh8T8SyGf\/VMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNV\nBAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEcMBoGA1UE\nCgwTQ29kZSBFbmlnbWEgTGltaXRlZDEhMB8GA1UEAwwYbmV4dGNsb3VkLmNvZGVl\nbmlnbWEuY29tMB4XDTE3MDMyNDE0MTU0NVoXDTI3MDMyNDE0MTU0NVowcDELMAkG\nA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRwwGgYD\nVQQKDBNDb2RlIEVuaWdtYSBMaW1pdGVkMSEwHwYDVQQDDBhuZXh0Y2xvdWQuY29k\nZWVuaWdtYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFSWiC\nNoRljHZ3PhQ+nb3dukQPFSN7NettMRcQ+0cfCQcnEOHmdrxKQEZA7Jz4AlGBFCJX\niR7F+kNqVJo3F\/ba0JAHNsF8giHKjMIRcnfMqwqpjSFmY8fd4UcH8Z9jZWmIwuMs\nUwyM8Iuqf0RJ9Nds1kDapLVk5Rj87rHHFXK1R1Wyi0cCglFcwvpCsCYh0gEiQHhh\nwzO7tvcGwYIIYa+8\/SMOgoSmsCKRyTOuLcfmvN2BajKIWL+bqjS4pWLJWn6WHV6+\ndAPBqREcjua4vWYoMYCeFvQVKqEzwGF83bMsaim4DBAVU9ROmvw3Qrv7\/Cde6WtV\n8QYIK8eiHqYez+93AgMBAAGjUDBOMB0GA1UdDgQWBBSK9k0QOMV51VCkxWnumLjL\nU8xwKTAfBgNVHSMEGDAWgBSK9k0QOMV51VCkxWnumLjLU8xwKTAMBgNVHRMEBTAD\nAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQBWKRSJJcY8aVLSUVNNpfVKSYi89GvSjgVP\nH8i79MKNrRwT6R3z4wB\/bD67RBM+ktNID5Bz4SnQgt5op250\/DVYV\/B7KbA4x5RE\nI8DsOqFVaKncwm\/OVVVZkZFsim+ouVl9xnF9Nh\/4ryz0LeZOsMT7JcXujiMA3ic1\nad\/zxnIwMpPq\/JU\/yOscqQpXlDWP1NfbPZ\/4NLlEc1bJABz1k1UN\/koDQPjUqey7\nFf3kwmCQ+\/6jBJAtPNgNv4s0UZdnULG00ixMFthqYlAnlkavhxYaQliG8ETUq0rV\nfFVHbfyH\/94WFY9FGUjyVOI7C4kJFl08l1wsdM9IeTES+3FazPJs\n-----END CERTIFICATE-----",
            "type": "saml",
            "types": "authentication"
        },
        "workflowengine": {
            "enabled": "yes",
            "installed_version": "1.1.1",
            "types": "filesystem"
        }
    }
}

Are you using external storage, if yes which one: local/smb/sftp/...

No.

Are you using encryption: yes/no

No.

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

Yes, SSO (see above).

Client configuration

Browser:

Google Chrome

Operating system:

Fedora Linux

Nextcloud log (data/nextcloud.log)

Nextcloud log
{"reqId":"BqmBqfpdXu05VYH4gO5y","remoteAddr":"","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/nextcloud\/lib\/private\/AppConfig.php#292","level":3,"time":"2017-03-28T11:00:47+00:00","method":"--","url":"--","user":"--","version":"11.0.2.7"}
@blizzz
Member

blizzz commented Apr 3, 2017

@LukasReschke

@MorrisJobke
Member

This is more a problem of this password prompt by @nickvergessen

@nickvergessen
Member

Well it uses:

		$loginName = $this->userSession->getLoginName();
		$loginResult = $this->userManager->checkPassword($loginName, $password);
		if ($loginResult === false) {

If that doesn't work with SAML, tell me another way? In which case cc @LukasReschke is the correct question.

@LukasReschke
Member

The SAML app sets last-password-confirm in lib/userbackend.php. See nextcloud/user_saml@a616f1d for the relevant changes.

If this doesn't work please open an issue at https://github.com/nextcloud/user_saml/issues including your SSO configuration. Thanks :)
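
A self-contained model of the failure discussed in this thread, added here as an illustration and not taken from Nextcloud or user_saml: a password prompt that relies on `checkPassword` can never succeed for a backend with no local credential, so that backend has to record the confirmation itself. Only `checkPassword` and the `last-password-confirm` session key come from the thread; the class names, the 30-minute window, the stored value and the sample users are assumptions.

```php
<?php
declare(strict_types=1);
// Illustrative model only: these classes are hypothetical stand-ins, not Nextcloud code.
interface Backend {
    /** @return string|false user id, or false when the password cannot be verified */
    public function checkPassword(string $loginName, string $password);
}
final class LocalBackend implements Backend {
    private $hashes;
    public function __construct(array $hashes) { $this->hashes = $hashes; }
    public function checkPassword(string $loginName, string $password) {
        $hash = $this->hashes[$loginName] ?? null;
        return ($hash !== null && password_verify($password, $hash)) ? $loginName : false;
    }
}
final class SsoBackend implements Backend {
    // The IdP holds the credential; there is no local hash to compare against.
    public function checkPassword(string $loginName, string $password) { return false; }
    // Mitigation named in the thread: the SSO backend records the confirmation itself.
    public function onLogin(array &$session, int $now): void {
        $session['last-password-confirm'] = $now; // stored value is an assumption
    }
}

const CONFIRM_WINDOW = 30 * 60; // assumed validity window, in seconds

function needsConfirmation(array $session, int $now): bool {
    return ($session['last-password-confirm'] ?? 0) < $now - CONFIRM_WINDOW;
}

// Prompt handler: the same check as the snippet quoted in the thread.
function confirmPassword(Backend $b, array &$session, string $login, string $pw, int $now): bool {
    if ($b->checkPassword($login, $pw) === false) {
        return false; // an SSO user always ends up here
    }
    $session['last-password-confirm'] = $now;
    return true;
}

$now = 1490698800; // constructed timestamp
$local = new LocalBackend(['alice' => password_hash('correct horse', PASSWORD_DEFAULT)]);
$sso = new SsoBackend();

$s1 = [];
var_dump(confirmPassword($local, $s1, 'alice', 'correct horse', $now)); // local user
$s2 = [];
var_dump(confirmPassword($sso, $s2, 'sso-admin', 'idp password', $now)); // SSO user
var_dump(needsConfirmation($s2, $now));      // prompt still required before the stamp
$sso->onLogin($s2, $now);
var_dump(needsConfirmation($s2, $now + 60)); // after the backend stamps the session
```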
