You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sign in to Nextcloud using SAML SSO via web browser. Confirm that a new user is created and the following userid has been mapped to this user in Nextcloud. oauth2|<User Source>|XXXXXXXXX
Sign in from Android application. Enter the URL, sign in to IdP and grant access to Nextcloud. Signing in was successful but the application show "server is unavailable" (Translated from Japanese. The notation might be different.). Additionally, there seems to be no file from android application.
Expected behaviour
Applications on another OS (Windows, macOS, iOS) works correctly, could get files, could upload files, and create new file or folder.
Android apps should work the same way.
Actual behaviour
The situations where things go wrong are described in the section above.
Signing in was successful, and get back to file view. However, app showed "server unavailable" and there seems to be no file. In fact, some files are uploaded and must be displayed. Additionally, I couldn't upload files and create new files. (the '+' button didn't respond)
I was wondering if this was a SAML authentication error or an app problem. However, another client application (Windows, macOS, iOS) could sign in and get files correctly so I have assumed this to be an android app problem. I also found some exception in the log shown below.
I tried to sign in using app password and QR code generated by web browser, but the situation did not change.
The manually created account that can local login worked correctly. This account's userid was admin. So I think the userid cause this issue.
userid mapped from SAML attribute is so long and contains character '|'. When creating account manually, I cannot use | in userid's input box. Are you sure this symbol is an invalid character?
Finally, I changed mappings of userid. I chose attribute not contains |, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn. Then, it worked correctly.
But I want to use nameidentifier since it is guaranteed to be unique...
Android version
12
Device brand and model
Xperia 1 III (XQ-BC42)
Stock or custom OS?
Stock
Nextcloud android app version
3.22.0
Nextcloud server version
24.0.6
Using a reverse proxy?
Yes
Android logs
After app send PROPFIND request, I found some exceptions.
userid and domain are masked by X. They are normal character.
10-21 00:36:08.527 5662 8086 D RefreshFolderOperation: Checking changes in oauth2|slack|XXXXXXXX-XXXXXXXX@xxx.xxxxxxx.dev/
10-21 00:36:08.528 5662 8086 D OwnCloudClient #0: REQUEST PROPFIND /remote.php/dav/files/oauth2%7Cslack%7CT032NHEKPNJ-U032XGMFXNY//
10-21 00:36:08.632 5662 8086 E ReadFileRemoteOperation: Read file / failed: Unexpected exception
10-21 00:36:08.632 5662 8086 E ReadFileRemoteOperation: java.lang.ArrayIndexOutOfBoundsException: length=1; index=1
10-21 00:36:08.632 5662 8086 E ReadFileRemoteOperation: at com.owncloud.android.lib.common.network.WebdavEntry.<init>(WebdavEntry.java:157)
10-21 00:36:08.632 5662 8086 E ReadFileRemoteOperation: at com.owncloud.android.lib.resources.files.ReadFileRemoteOperation.run(ReadFileRemoteOperation.java:94)
10-21 00:36:08.632 5662 8086 E ReadFileRemoteOperation: at com.owncloud.android.lib.common.operations.RemoteOperation.execute(RemoteOperation.java:205)
10-21 00:36:08.632 5662 8086 E ReadFileRemoteOperation: at com.owncloud.android.operations.RefreshFolderOperation.checkForChanges(RefreshFolderOperation.java:364)
10-21 00:36:08.632 5662 8086 E ReadFileRemoteOperation: at com.owncloud.android.operations.RefreshFolderOperation.run(RefreshFolderOperation.java:234)
10-21 00:36:08.632 5662 8086 E ReadFileRemoteOperation: at com.owncloud.android.lib.common.operations.RemoteOperation.run(RemoteOperation.java:399)
10-21 00:36:08.632 5662 8086 E ReadFileRemoteOperation: at java.lang.Thread.run(Thread.java:1012)
10-21 00:36:08.632 5662 8086 E RefreshFolderOperation: Checked oauth2|slack|XXXXXXXX-XXXXXXXX@xxx.xxxxx.dev/ : Unexpected exception
10-21 00:36:08.632 5662 8086 E RefreshFolderOperation: java.lang.ArrayIndexOutOfBoundsException: length=1; index=1
10-21 00:36:08.632 5662 8086 E RefreshFolderOperation: at com.owncloud.android.lib.common.network.WebdavEntry.<init>(WebdavEntry.java:157)
10-21 00:36:08.632 5662 8086 E RefreshFolderOperation: at com.owncloud.android.lib.resources.files.ReadFileRemoteOperation.run(ReadFileRemoteOperation.java:94)
10-21 00:36:08.632 5662 8086 E RefreshFolderOperation: at com.owncloud.android.lib.common.operations.RemoteOperation.execute(RemoteOperation.java:205)
10-21 00:36:08.632 5662 8086 E RefreshFolderOperation: at com.owncloud.android.operations.RefreshFolderOperation.checkForChanges(RefreshFolderOperation.java:364)
10-21 00:36:08.632 5662 8086 E RefreshFolderOperation: at com.owncloud.android.operations.RefreshFolderOperation.run(RefreshFolderOperation.java:234)
10-21 00:36:08.632 5662 8086 E RefreshFolderOperation: at com.owncloud.android.lib.common.operations.RemoteOperation.run(RemoteOperation.java:399)
10-21 00:36:08.632 5662 8086 E RefreshFolderOperation: at java.lang.Thread.run(Thread.java:1012)
10-21 00:36:08.632 5662 8086 D RefreshFolderOperation: Send broadcast com.owncloud.android.operations.RefreshFolderOperation.EVENT_SINGLE_FOLDER_CONTENTS_SYNCED
10-21 00:36:08.633 5662 8086 D RefreshFolderOperation: Send broadcast com.owncloud.android.operations.RefreshFolderOperation.EVENT_SINGLE_FOLDER_SHARES_SYNCED
10-21 00:36:08.633 5662 5662 D FileDisplayActivity: Received broadcast com.owncloud.android.operations.RefreshFolderOperation.EVENT_SINGLE_FOLDER_CONTENTS_SYNCED
10-21 00:36:08.655 5662 5662 D FileDisplayActivity: Setting progress visibility to true
10-21 00:36:08.655 5662 5662 D FileDisplayActivity: Received broadcast com.owncloud.android.operations.RefreshFolderOperation.EVENT_SINGLE_FOLDER_SHARES_SYNCED
10-21 00:36:08.667 5662 5662 D FileDisplayActivity: Setting progress visibility to false
Steps to reproduce
I apologize at the outset for my poor English.
I use SAML2.0 SSO via auth0. auth0's
user_id
format may cause this issue.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
urn:<Tenant>.<Region>.auth0.com
https://<Tenant>.<Region>.auth0.com/samlp/<auth0 app's client id>
https://<Tenant>.<Region>.auth0.com/samlp/<auth0 app's client id>/logout
oauth2|<User Source>|XXXXXXXXX
Expected behaviour
Applications on another OS (Windows, macOS, iOS) works correctly, could get files, could upload files, and create new file or folder.
Android apps should work the same way.
Actual behaviour
The situations where things go wrong are described in the section above.
Signing in was successful, and get back to file view. However, app showed "server unavailable" and there seems to be no file. In fact, some files are uploaded and must be displayed. Additionally, I couldn't upload files and create new files. (the '+' button didn't respond)
I was wondering if this was a SAML authentication error or an app problem. However, another client application (Windows, macOS, iOS) could sign in and get files correctly so I have assumed this to be an android app problem. I also found some exception in the log shown below.
I tried to sign in using app password and QR code generated by web browser, but the situation did not change.
The manually created account that can local login worked correctly. This account's userid was
admin
. So I think the userid cause this issue.userid mapped from SAML attribute is so long and contains character '|'. When creating account manually, I cannot use
|
in userid's input box. Are you sure this symbol is an invalid character?Finally, I changed mappings of userid. I chose attribute not contains
|
,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
. Then, it worked correctly.But I want to use nameidentifier since it is guaranteed to be unique...
Android version
12
Device brand and model
Xperia 1 III (XQ-BC42)
Stock or custom OS?
Stock
Nextcloud android app version
3.22.0
Nextcloud server version
24.0.6
Using a reverse proxy?
Yes
Android logs
After app send PROPFIND request, I found some exceptions.
userid and domain are masked by X. They are normal character.
Server error logs
Additional information
No response
The text was updated successfully, but these errors were encountered: