Description
Steps to reproduce
- Configure user_saml with 'Use Environment variable'
- Configure an attribute mapping for mail and groups
- Log into your instance. If you have multiple groups and/or mail addresses, you can see in your personal information that they are not split into multiple values but treated as single values. This may even cause a crash if you are in many groups, because the database column is limited to 64 chars.
Expected behaviour
Multi-value attributes (delimited by semicolons) should be split. It works if not using the environment mechanism but connecting directly to an IdP, but I want to integrate Nextcloud into a federation, which requires the use of Apache/mod_shib/shibd and environment variables.
Actual behaviour
Multi-value attributes are not split but treated as a single value, causing various problems.
I tracked that down to the behaviour of the getAttribute* functions in apps/user_saml/lib/UserBackend.php and I may be able to develop a workaround or clean fix, but of course this problem should be fixed in the official sources.
This bug makes the integration of Nextcloud into a Shibboleth-based federation impossible in many situations.
Server configuration
Operating system:
Ubuntu 22.04
Web server:
Apache 2.4.52
Database:
PostgreSQL 14
PHP version:
8.1
Nextcloud version: (see Nextcloud admin page)
25.0.3
Where did you install Nextcloud from:
?
List of activated apps:
- activity: 2.17.0
- admin_audit: 1.15.0
- bruteforcesettings: 2.5.0
- calendar: 4.2.3
- circles: 25.0.0
- cloud_federation_api: 1.8.0
- comments: 1.15.0
- contacts: 5.1.0
- contactsinteraction: 1.6.0
- dav: 1.24.0
- deck: 1.8.3
- federatedfilesharing: 1.15.0
- federation: 1.15.0
- files: 1.20.1
- files_pdfviewer: 2.6.0
- files_rightclick: 1.4.0
- files_sharing: 1.17.0
- files_trashbin: 1.15.0
- files_versions: 1.18.0
- issuetemplate: 0.7.0
- logreader: 2.10.0
- lookup_server_connector: 1.13.0
- notes: 4.6.0
- notifications: 2.13.1
- oauth2: 1.13.0
- password_policy: 1.15.0
- photos: 2.0.1
- privacy: 1.9.0
- provisioning_api: 1.15.0
- related_resources: 1.0.3
- serverinfo: 1.15.0
- settings: 1.7.0
- sharebymail: 1.15.0
- systemtags: 1.15.0
- tasks: 0.14.5
- text: 3.6.0
- theming: 2.0.1
- theming_customcss: 1.12.0
- twofactor_backupcodes: 1.14.0
- twofactor_totp: 7.0.0
- updatenotification: 1.15.0
- user_saml: 5.1.2
- user_status: 1.5.0
- viewer: 1.9.0
- weather_status: 1.5.0
- workflowengine: 2.7.0
Nextcloud configuration:
{
  "system": {
    "debug": true,
    "instanceid": "REMOVED SENSITIVE VALUE",
    "passwordsalt": "REMOVED SENSITIVE VALUE",
    "secret": "REMOVED SENSITIVE VALUE",
    "trusted_domains": [
      "nc.uni-bremen.de",
      "nextcloud.zfn.uni-bremen.de",
      "nextcloud.uni-bremen.de",
      "nextcloud.vm.uni-bremen.de"
    ],
    "datadirectory": "REMOVED SENSITIVE VALUE",
    "dbtype": "pgsql",
    "version": "25.0.3.2",
    "overwrite.cli.url": "https://nc.uni-bremen.de",
    "dbname": "REMOVED SENSITIVE VALUE",
    "dbhost": "REMOVED SENSITIVE VALUE",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "REMOVED SENSITIVE VALUE",
    "dbpassword": "REMOVED SENSITIVE VALUE",
    "installed": true,
    "memcache.local": "\\OC\\Memcache\\APCu",
    "default_phone_region": "DE",
    "filelocking.enabled": true,
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "redis": {
      "host": "REMOVED SENSITIVE VALUE",
      "port": 6379,
      "timeout": 0,
      "password": "REMOVED SENSITIVE VALUE"
    },
    "mail_smtpmode": "smtp",
    "mail_smtpsecure": "tls",
    "mail_sendmailmode": "smtp",
    "mail_from_address": "REMOVED SENSITIVE VALUE",
    "mail_domain": "REMOVED SENSITIVE VALUE",
    "mail_smtphost": "REMOVED SENSITIVE VALUE",
    "default_language": "de",
    "default_locale": "de_DE",
    "lookup_server": "",
    "allow_user_to_change_display_name": false,
    "enable_previews": true,
    "maintenance": false,
    "theme": "",
    "loglevel": 1,
    "trashbin_retention_obligation": "auto,30",
    "bulkupload.enabled": false,
    "app_install_overwrite": [
      "issuetemplate"
    ]
  }
}
Client configuration
Browser:
Firefox, Chrome, Chromium, ...
Operating system:
Ubuntu
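
Added example, not part of the original report and not user_saml's own code: a sketch of the splitting the report expects for attribute values that mod_shib exports as environment variables. It goes slightly beyond the report by also treating `\;` as an escaped literal semicolon (the Shibboleth SP convention) and by separating out group IDs longer than the 64-character column limit mentioned above; the function names, the constant and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Column limit taken from the report ("limited to 64 chars").
const MAX_GROUP_ID_LENGTH = 64;

// Hypothetical helper: split one environment value into attribute values.
// An unescaped ';' separates values; '\;' is a literal semicolon in a value.
function splitShibEnvAttribute(string $raw): array
{
    $values = [];
    $current = '';
    $len = strlen($raw);
    for ($i = 0; $i < $len; $i++) {
        if ($raw[$i] === '\\' && $i + 1 < $len && $raw[$i + 1] === ';') {
            $current .= ';';      // escaped delimiter is data, not a separator
            $i++;
        } elseif ($raw[$i] === ';') {
            $values[] = $current; // value boundary
            $current = '';
        } else {
            $current .= $raw[$i];
        }
    }
    $values[] = $current;

    // Normalise: trim whitespace, drop empty entries, remove duplicates.
    $values = array_map('trim', $values);
    $values = array_filter($values, static fn(string $v): bool => $v !== '');
    return array_values(array_unique($values));
}

// Hypothetical helper: keep group IDs that fit the column, report the rest
// so an over-long value is logged instead of failing the login.
function partitionGroups(array $groups): array
{
    $result = ['accepted' => [], 'rejected' => []];
    foreach ($groups as $group) {
        $key = strlen($group) <= MAX_GROUP_ID_LENGTH ? 'accepted' : 'rejected';
        $result[$key][] = $group;
    }
    return $result;
}

// Constructed sample of what mod_shib might place in the environment.
$env = [
    'mail'   => 'alice@example.org;a.smith@example.org',
    'groups' => 'staff;project\;alpha; students ;;' . str_repeat('x', 70),
];

echo json_encode([
    'mail'   => splitShibEnvAttribute($env['mail']),
    'groups' => partitionGroups(splitShibEnvAttribute($env['groups'])),
], JSON_PRETTY_PRINT), PHP_EOL;
```

Because mapped groups typically drive sharing and access decisions, treating the unsplit string as a single group silently drops every real membership rather than only mislabelling the profile.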