HElp COnfiguring SAML with nextcloud using LLNG

Support
1

NethServer Version: current
Module: LemonldapNG
Module: Nextcloud

I have been tryign to configure SAML for my new NExtclud instance, using LemonldapNG and the manual presented here: userguide:llng [NethServer & NethSecurity]

I am however facing One Main challenge,
Everytime a user logins to he server, i am getting he error:

Account not provisioned.
Your account is not provisioned, access to this service is thus not possible.

image
image577×341 28.7 KB

I am getting this error message

{"reqId":"RPuUoIIhPwtgebJUzMjW","level":3,"time":"2025-10-19T08:48:05+00:00","remoteAddr":"154.ip.173","user":"--","app":"user_saml","method":"POST","url":"/apps/user_saml/saml/acs","message":"invalid_response","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36 Edg/141.0.0.0","version":"31.0.7.1","data":{"app":"user_saml"}}
2025-10-19T11:48:05+03:00 [1:nextcloud2:nextcloud-app] NOTICE: PHP message: [nextcloud][user_saml][3] {"reqId":"RPuUoIIhPwtgebJUzMjW","level":3,"time":"2025-10-19T08:48:05+00:00","remoteAddr":"154.159.254.173","user":"--","app":"user_saml","method":"POST","url":"/apps/user_saml/saml/acs","message":"The assertion of the Response is not encrypted and the SP requires it","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36 Edg/141.0.0.0","version":"31.0.7.1","data":{"app":"user_saml"}}
2

Do you use valid certificates for LLNG and Nextcloud? Or maybe try to disable encryption for testing…

EDIT:

From userguide:llng [NethServer & NethSecurity]

Back in the left gutter, expand SAML2 Service, then Security parameters, then click on Signature. Click the New certificate link near the top of the page. Copy the certificate from the Public Key field on this page.

and

  • In the first field under X.509 certificate of the Service Provider, enter your public key from the signature in LLNG Manager
  • In the second field under Private Key of the Service Provider, enter your private key from the signature in LLNG Manager
3

Actually Disabling this, Seems to work
image
loggedin with

2025-10-19T12:07:11+03:00 [1:nextcloud2:nextcloud-app] NOTICE: PHP message: [nextcloud][PHP][2] {"reqId":"gWWZJ6Ul5FU4yGl6GmL7","level":2,"time":"2025-10-19T09:07:11+00:00","remoteAddr":"154.159.254.173","user":"nitram","app":"PHP","method":"PUT","url":"/ocs/v2.php/cloud/users/martin","message":"Undefined array key \"id\" at /var/www/html/custom_apps/scim_client/lib/Db/ScimEvent.php#50","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36 Edg/141.0.0.0","version":"31.0.7.1","data":{"app":"PHP"}}
2025-10-19T12:07:11+03:00 [1:nextcloud2:nextcloud-app] NOTICE: PHP message: [nextcloud][PHP][2] {"reqId":"gWWZJ6Ul5FU4yGl6GmL7","level":2,"time":"2025-10-19T09:07:11+00:00","remoteAddr":"154.159.254.173","user":"martin","app":"PHP","method":"PUT","url":"/ocs/v2.php/cloud/users/martin","message":"Undefined array key \"group_id\" at /var/www/html/custom_apps/scim_client/lib/Db/ScimEvent.php#56","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64)
1 Like
4

I have done and repeated, the above stpes you outline, numerous times, but the issue was persistent still

5

DId we resolve email mapping?