
We're trying to develop an ASP.NET Core web API which lets users authenticate through Azure AD and would like to retrieve files from NextCloud on behalf of this Azure AD user. Our infrastructure is composed of an Ubuntu server running NextCloud 12, a Windows Server running the ASP.NET Core web API and an Azure Active Directory instance with Azure AD Domain Services.
Signing in through NextCloud using LDAP (provided by AAD Domain Services) works without any issues.

We've been trying out SSO with SAML in addition to LDAP but we keep seeing this error message when signing into NextCloud:

Account not provisioned.
Your account is not provisioned, access to this service is thus not possible.

How exactly are we able to retrieve files from NextCloud by using the same Azure AD token we receive when authenticating with our ASP.NET web API?

ginomessmer
  • No experience on NextCloud, but it is somehow registered in Azure AD? I'm guessing the standard on-behalf-of grant flow would be used in this case, exchanging the access token you got to your API for an access to call NextCloud as described here: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-on-behalf-of – juunas Nov 30 '17 at 20:04
  • Yep we're making use of a registered Enterprise App in our Azure AD and provided the required SSO/SAML details. We're getting the same error message. – ginomessmer Dec 01 '17 at 08:32
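An added example (not code from the question, the answer, or NextCloud) of the on-behalf-of exchange that juunas' comment describes: the ASP.NET Core API takes the bearer token it already validated from the caller and trades it at the Azure AD v2.0 token endpoint for a token scoped to the downstream service. It assumes the API is registered in Azure AD with a client secret and that NextCloud (or a gateway in front of it) is registered as an Azure AD resource that accepts bearer tokens; the tenant, client and scope values are placeholders.

```csharp
// Added example: on-behalf-of (OBO) token exchange against the Azure AD v2.0 token endpoint.
// Assumed (hypothetical): tenantId/clientId/clientSecret belong to the ASP.NET Core API's
// own app registration; downstreamScope names the NextCloud-side resource registration.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

public sealed class OnBehalfOfClient
{
    private static readonly HttpClient Http = new HttpClient();
    private readonly string _tenantId, _clientId, _clientSecret;

    public OnBehalfOfClient(string tenantId, string clientId, string clientSecret)
    {
        _tenantId = tenantId;
        _clientId = clientId;
        _clientSecret = clientSecret;
    }

    // userAssertion is the access token the API received from its caller. Only forward a
    // token that the API's JWT bearer middleware has already validated (signature, issuer,
    // audience, expiry); the exchange must be done per request, never cached across users.
    public async Task<string> ExchangeAsync(string userAssertion, string downstreamScope)
    {
        var form = new Dictionary<string, string>
        {
            ["grant_type"] = "urn:ietf:params:oauth:grant-type:jwt-bearer",
            ["client_id"] = _clientId,
            ["client_secret"] = _clientSecret,
            ["assertion"] = userAssertion,
            ["scope"] = downstreamScope,            // placeholder, e.g. "api://<nextcloud-app-id>/.default"
            ["requested_token_use"] = "on_behalf_of",
        };
        var url = $"https://login.microsoftonline.com/{_tenantId}/oauth2/v2.0/token";
        using var response = await Http.PostAsync(url, new FormUrlEncodedContent(form));
        var body = await response.Content.ReadAsStringAsync();
        if (!response.IsSuccessStatusCode)
            throw new InvalidOperationException($"OBO exchange failed ({(int)response.StatusCode}): {body}");

        // The downstream token is sent as "Authorization: Bearer <token>" to the NextCloud-side
        // resource; it carries the original user's identity, so the downstream authorizes as that user.
        using var doc = JsonDocument.Parse(body);
        return doc.RootElement.GetProperty("access_token").GetString();
    }
}
```

The downstream side still has to accept Azure AD-issued bearer tokens; a SAML-only NextCloud login does not, which is why the SAML setup in the question cannot be driven from an API token.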

1 Answer


SAML is not well versed to use with Web APIs - its protocol is heavily vested on the application being Web Apps - ideally you should use OpenID Connect with JWT tokens.

Andre Teixeira