By: Rafal Kepczynski user 24 Aug 2021 at 4:22 a.m. CDT

11 Responses
Hello, I've encountered a problem while configuring Nextcloud SAML with Gluu. Using this ticket https://support.gluu.org/single-sign-on/8772/integrating-nextcloud-with-gluu-using-saml/ I configured the form on the Nextcloud side and downloaded the metadata XML file. On the Gluu side there is a Trust Relationship created, as mentioned in the above ticket. The relationship is validated successfully and active (in the Gluu Admin panel). But after using Nextcloud SAML authentication, I'm forwarded to the Gluu site, but with the error "Web Login Service Unsupported Request The application you have accessed is not registered for use with this service". In the logs (shibboleth container, /opt/shibboleth-idp/logs/idp-process.log) I'm getting:

```
2021-08-24 09:08:42,774 - 10.20.228.2 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:167] - Message Handler: No metadata returned for http://nextcloud-instance/apps/user_saml/saml/metadata in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-08-24 09:08:42,797 - 10.20.228.2 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:118] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID http://nextcloud-instance/apps/user_saml/saml/metadata)
2021-08-24 09:08:42,808 - 10.20.228.2 - WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
```

Nextcloud is running in a container and is accessible via Traefik with HTTPS; maybe this is the problem.

By Aliaksandr Samuseu staff 24 Aug 2021 at 5:23 a.m. CDT

Hi, Rafal. This part provides a hint about the cause:

```
No metadata returned for http://nextcloud-instance/apps/user_saml/saml/metadata in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor
```

Either `entityid` in your metadata differs from what comes in the request, or your metadata wasn't picked up by the IDP for some reason (or wasn't pushed there). Seeing you're using Docker, that may be the cause, as last time I checked, I had some issues with SAML TR in DE. Did you use [this doc](https://gluu.org/docs/gluu-server/4.2/installation-guide/install-docker/) when creating your setup?

By Rafal Kepczynski user 24 Aug 2021 at 9:13 a.m. CDT

Thanks for your answer. I've checked `entityid` in the metadata file (and the URI as well) and both are the same. In the meantime I created a Nextcloud instance without the Traefik proxy, but the issue is the same. Of course, I've used the docs while deploying the Gluu server. Do you suggest that Docker isn't a good idea for deploying Gluu? Is it better to deploy Gluu directly on Ubuntu 20.04? I assumed that a successfully validated and active TR (in the GUI) means that there is no problem on the Gluu side, but in the log (`/opt/gluu/jetty/identity/logs/oxtrust.log`) I saw these lines:

```
2021-08-24 14:16:14,257 DEBUG [Thread-3945] [org.gluu.oxtrust.service.MetadataValidationTimer] (MetadataValidationTimer.java:114) - Starting metadata validation
2021-08-24 14:16:14,257 DEBUG [Thread-3945] [org.gluu.oxtrust.service.MetadataValidationTimer] (MetadataValidationTimer.java:117) - Metadata validation finished with result: 'false'
```

By Aliaksandr Samuseu staff 24 Aug 2021 at 1:09 p.m. CDT

> Of course, I've used docs while deploying Gluu server. Do you suggest that Docker isn't good idea for deploying Gluu?

No, of course not. It's just that this doc was mainly intended to quickly spin up a Gluu Server and evaluate it. It's not a fully-functional production environment, and more like a scoop of a bigger thing (Kubernetes-based deployment). If memory serves me, the thing that is missing when it comes to Outbound SAML is proper Jackrabbit configuration pieces; let me find the steps for you.

By Aliaksandr Samuseu staff 24 Aug 2021 at 1:11 p.m. CDT

Though about this:

> Metadata validation finished with result: 'false'

Do you see any hints which TR these messages relate to? Do you see any warnings for the Nextcloud TR you created, when you open its page? Also, please share your metadata file here.

By Rafal Kepczynski user 24 Aug 2021 at 1:55 p.m. CDT

Thanks for your response.

> If memory serves me, the thing that is missing when it comes to Outbound SAML is proper Jackrabbit configuration pieces, let me find the steps for you..

Oh, I didn't notice this service... I hope that this is the cause of my problems.

> Do you see any hints what TR this messages related to? Do you see any warnings for the Nextcloud TR you created, when you open its page?

As for now, I've configured only one TR. No warnings, but I noticed that the TR changed its status to Inactive, while validation is still successful. Maybe it's related to Jackrabbit? This is my SP metadata file (generated automatically by Nextcloud):

```
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     validUntil="2021-08-26T10:58:47Z"
                     cacheDuration="PT604800S"
                     entityID="http://nextcloud-instance:8080/apps/user_saml/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
                      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                 Location="http://nextcloud-instance:8080/apps/user_saml/saml/acs"
                                 index="1" />
  </md:SPSSODescriptor>
</md:EntityDescriptor>
```

I'll try to configure Jackrabbit and come back with findings.

By Rafal Kepczynski user 24 Aug 2021 at 3:19 p.m. CDT

I've successfully configured Jackrabbit and now I'm properly redirected to the Gluu login page. The SP metadata file is also properly transported to the oxshibboleth container. But after logging in to Nextcloud, I'm getting the error: `Account not provisioned. Your account is not provisioned, access to this service is thus not possible.` I've configured the TR to pass the *Username* parameter to the SP, which is confirmed in the logs:

```
2021-08-24 20:01:01,189 - 10.20.228.2 - INFO [Shibboleth-Audit.SSO:282] - 10.20.228.2|2021-08-24T20:01:00.970063Z|2021-08-24T20:01:01.189262Z|usertst48649|http://nextcloud-instance:8080/apps/user_saml/saml/metadata|_7169293beebfeff7bd9ddda136c25c70|password|2021-08-24T19:51:56.806Z|mail,uid,displayName|AAdzZWNyZXQxh+r2v0HH8AeffTWE09T0WGXODwN/VDe5I40/YFy6hRiNZnztrf4KGLW8euyIcHukE8H7l4O+T/aDR5CGSGRIUwNTu3v7oP3Tiz5QTai8htvePqljjF5Cqcc9EXTZypPjGpMBxzYVR6qStY8QPwgMbtN7Ss5RKiqNtwuTJlOlgpZ80ML6Mkg=|transient|true|false||urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST||Success||38b4f94da2fcf68e38225ac25ee495922cfde7c8a7bf09accd67bde8db583f42|Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0
```

But in the Nextcloud logs I'm getting:

```
{"reqId":"YNePSISMXMeILHnKjvxc","level":4,"time":"2021-08-24T20:03:33+00:00","remoteAddr":"10.20.228.2","user":"--","app":"user_saml","method":"POST","url":"/apps/user_saml/saml/acs","message":"IDP parameter for the UID not found. Possible parameters are: []","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0","version":"21.0.4.1"}
```

Am I forgetting something?

By Aliaksandr Samuseu staff 24 Aug 2021 at 3:30 p.m. CDT

Great, that's a step forward, at least. Please share the complete SAML response it POSTs back to Nextcloud. It can be extracted either using some kind of SAML tracing plugin that exists for major browsers, or by enabling [debug logging for the IDP](https://gluu.org/docs/gluu-server/4.2/operation/logs/#adjust-shibboleth-log-level) inside the "oxshibboleth" container and checking "idp-process.log" in there. If the assertion part in it is encrypted, you'll need to disable assertion encryption in your TR's "Configure Relying Party" properties so we can read it (make sure "encryptAssertions" is set to "never" for the "SAML2SSO" profile there).

By Rafal Kepczynski user 24 Aug 2021 at 3:59 p.m. CDT

Extracted SAML response (using some Firefox add-on): `POST http://nextcloud-instance:8080/apps/user_saml/saml/acs`

```
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 Destination="http://nextcloud-instance:8080/apps/user_saml/saml/acs"
                 ID="_c7753fb82ef395bfdb9557c56573ec3a"
                 InResponseTo="ONELOGIN_1197d7a7c27ceb06348400a3d0f9d0e50b93b637"
                 IssueInstant="2021-08-24T20:45:56.571Z"
                 Version="2.0">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://gluu-server/idp/shibboleth</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <ds:Reference URI="#_c7753fb82ef395bfdb9557c56573ec3a">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>bHUJ/Bj1/37OTb59PnHhcNjUW37XFqXL+u8cFl1QAnw=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>aCFG6cYgkEx3Dc1IiwDn5lCu4JZwqcqxLa4YGxXGhfFWIQljpRVxjkXL2YmdBeGVkoAFSVXIaracleCt2OGwjdGaRtNkCB1ua6hrSIIeg9mHQnd6OyeQ1ajAwjBc0I517/7sSQB8HsiUvAvyr75SNzFJUq6Q6aNrEgwjeR0TQAnB6gK8MIBFUq82RN11K3lI7sqAJOjgHCia8Re2/jrPh1JCWBAG3P0NIfXJPlqLF5BVVdH0rh9J837q/XMa+L5yiC80eeiPft84znAxSDrPqzNTZSXphWmcpcxQy3iOuGGtPuuD1HMb20pYzBkO6Un2vDX5nH4AldUg0+PNBHMbyg==</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>MIIDkzCCAnsCFBWkK7YpGVYJVz284IRG7Nk0vJyFMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQG
EwJQTDELMAkGA1UECAwCTVoxDzANBgNVBAcMBldhcnNhdzERMA8GA1UECgwIaW5kZXZvcHMxHDAa
BgNVBAMME2dsdXUuYWphYmxvbnNraS5wcm8xJzAlBgkqhkiG9w0BCQEWGHBhd2VsLmtvcGVyQGlu
ZGV2b3BzLmNvbTAeFw0yMTA4MTcwODAxMzVaFw0yMjA4MTcwODAxMzVaMIGFMQswCQYDVQQGEwJQ
TDELMAkGA1UECAwCTVoxDzANBgNVBAcMBldhcnNhdzERMA8GA1UECgwIaW5kZXZvcHMxHDAaBgNV
BAMME2dsdXUuYWphYmxvbnNraS5wcm8xJzAlBgkqhkiG9w0BCQEWGHBhd2VsLmtvcGVyQGluZGV2
b3BzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKO5I/VenYa6WCkgrgveCbWo
R7bHrra9pxCqEXZSyLXmRibhxzKLI2LoRSZonT4MwXQtLewchrsC+1ExUMBwn5TnsQTPF4mtnz9i
+MvwyMmXXUB4JJo7TffmZe19m4Fj1xVKtACHBtYG5h/HbLY7sOjyGXBkdntvGzU9Rkav1MR3YAZ/
KdTcg4euzU125/B1WRH8ytlq2sgIvDpT+fTttMP+XA4T9db4LIDuuhc/AUXsD5Qw6Ys3nvfBlYuY
lejcjcTK3PGSwCy6xomNy/uIgmqnsP+SoIfPv+wh2Vq7/fDKauuweb7F0YDHu8OhTJEUubQ/irEm
7Nl1b+0DEcPgCVkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAPXMxwFYuxd1xTwvUbn3MQy4nNvv2
UY7qCCna3kKqml+EmhoXQOSlB+6YGvPjxo2ZxFQfPcdg5l+W3WbM+jBxRzUPoXggcArrbRw+DWRB
zE2o5NfF7MW4fSwdjQoDgwFrV5v0t7ybXOKixj4q6cN05abJc4WgOz8C1pr2id51Ahwg/Pbntt6q
72xwDRPjXLlatG8BwOmZ/UgaPm9ncEIHRDHFlL27zi48VutOG+yxtpCPn8b69rQ83Ldmaj6iqWbc
gAw0ahEwj0TmgFXOc9bPPCiE3Va4p5hLI7bnE6sXtiOevrA5lrLrn6GEhnN/9GgCF2TAoVTJvqvD
eGFo1ChAtA==</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </saml2p:Status>
  <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                   ID="_ba8399929325c25698eeeed9629fe5b3"
                   IssueInstant="2021-08-24T20:45:56.571Z"
                   Version="2.0">
    <saml2:Issuer>https://gluu-server/idp/shibboleth</saml2:Issuer>
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                    NameQualifier="https://gluu-server/idp/shibboleth"
                    SPNameQualifier="http://nextcloud-instance:8080/apps/user_saml/saml/metadata"
                    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxl1OwP/P/XwzbLci9PwMQl4+Sy8swN5+BJ06A3rplfMwzEBPAjuwWMWAk6auGbSMXy+Ab/xtM75oRIBSoNuKhdFLXnLMBX8mU04aO3uufT0qHQayii4mI02xhJWwm76qsVTDa6QCes7bpSof1pVaTcncKZGCfTGYc5z0CBLmNgmUQTKouhjA=</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData Address="10.20.228.2"
                                       InResponseTo="ONELOGIN_1197d7a7c27ceb06348400a3d0f9d0e50b93b637"
                                       NotOnOrAfter="2021-08-24T20:50:56.577Z"
                                       Recipient="http://nextcloud-instance:8080/apps/user_saml/saml/acs" />
      </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:Conditions NotBefore="2021-08-24T20:45:56.571Z" NotOnOrAfter="2021-08-24T20:50:56.571Z">
      <saml2:AudienceRestriction>
        <saml2:Audience>http://nextcloud-instance:8080/apps/user_saml/saml/metadata</saml2:Audience>
      </saml2:AudienceRestriction>
    </saml2:Conditions>
    <saml2:AuthnStatement AuthnInstant="2021-08-24T20:45:56.495Z" SessionIndex="_3c48e77bdd6d0a921857e903dc1d9be9">
      <saml2:SubjectLocality Address="10.20.228.2" />
      <saml2:AuthnContext>
        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
      </saml2:AuthnContext>
    </saml2:AuthnStatement>
  </saml2:Assertion>
</saml2p:Response>
```

By Aliaksandr Samuseu staff 24 Aug 2021 at 4:47 p.m. CDT

So no attributes, huh. Something is still not in order, apparently. Try to bring the whole deployment down, then up again (using `pygluu-compose.pyz`), then re-try the whole thing and harvest a new SAML response, and see if it's different. If it isn't, proceed to enabling debug logging, and share the full "idp-process.log" with us showing the failing flow.

By Rafal Kepczynski user 25 Aug 2021 at 4:02 a.m. CDT

I've restarted my deployment and now the SAML response contains attributes:

```
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 Destination="http://nextcloud-instance:8080/apps/user_saml/saml/acs"
                 ID="_bc5e9c20f6c4bdd963aaa8bb25787231"
                 InResponseTo="ONELOGIN_fa9018f6a03dcba1573e7d2767af736bc3b5df39"
                 IssueInstant="2021-08-25T08:49:14.248Z"
                 Version="2.0">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://gluu-server/idp/shibboleth</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <ds:Reference URI="#_bc5e9c20f6c4bdd963aaa8bb25787231">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>xlldxZHIi+iNC0wXzaIqBC+/vyuoCyvNuWXqhavr1bs=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>P4So+ey4Jx42JWQe3fJcnNVsDzJUWnZjIv4Mx0DARDqy4bm0i1Az2s0TqtTWqcpWAYIr3v9kFMq8cUzTCppKMtMocItSXgi1+sYEgOMfEp+SFC7o7cJMx3hLzbvTatI+mRqAoM4ZdWbBjXl+QziwfxVk3fZdMNLLaXLiH8yQaPS6WkNEfHs4PfT8eAsppSySjdIOhe044nv9lnbaHs5Cc2FgD7cJk3Nz8EPvp9ng70CtBQ7gtejnloUmZEiJql45XO2jWJql4LxqkKKYBM+RBsPS/VDIZmKoTlnzutq/LSOipWXagDrDYR57NihKw4id14KkyKEpyhLhVNsiyB8+qw==</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>MIIDkzCCAnsCFBWkK7YpGVYJVz284IRG7Nk0vJyFMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQG
EwJQTDELMAkGA1UECAwCTVoxDzANBgNVBAcMBldhcnNhdzERMA8GA1UECgwIaW5kZXZvcHMxHDAa
BgNVBAMME2dsdXUuYWphYmxvbnNraS5wcm8xJzAlBgkqhkiG9w0BCQEWGHBhd2VsLmtvcGVyQGlu
ZGV2b3BzLmNvbTAeFw0yMTA4MTcwODAxMzVaFw0yMjA4MTcwODAxMzVaMIGFMQswCQYDVQQGEwJQ
TDELMAkGA1UECAwCTVoxDzANBgNVBAcMBldhcnNhdzERMA8GA1UECgwIaW5kZXZvcHMxHDAaBgNV
BAMME2dsdXUuYWphYmxvbnNraS5wcm8xJzAlBgkqhkiG9w0BCQEWGHBhd2VsLmtvcGVyQGluZGV2
b3BzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKO5I/VenYa6WCkgrgveCbWo
R7bHrra9pxCqEXZSyLXmRibhxzKLI2LoRSZonT4MwXQtLewchrsC+1ExUMBwn5TnsQTPF4mtnz9i
+MvwyMmXXUB4JJo7TffmZe19m4Fj1xVKtACHBtYG5h/HbLY7sOjyGXBkdntvGzU9Rkav1MR3YAZ/
KdTcg4euzU125/B1WRH8ytlq2sgIvDpT+fTttMP+XA4T9db4LIDuuhc/AUXsD5Qw6Ys3nvfBlYuY
lejcjcTK3PGSwCy6xomNy/uIgmqnsP+SoIfPv+wh2Vq7/fDKauuweb7F0YDHu8OhTJEUubQ/irEm
7Nl1b+0DEcPgCVkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAPXMxwFYuxd1xTwvUbn3MQy4nNvv2
UY7qCCna3kKqml+EmhoXQOSlB+6YGvPjxo2ZxFQfPcdg5l+W3WbM+jBxRzUPoXggcArrbRw+DWRB
zE2o5NfF7MW4fSwdjQoDgwFrV5v0t7ybXOKixj4q6cN05abJc4WgOz8C1pr2id51Ahwg/Pbntt6q
72xwDRPjXLlatG8BwOmZ/UgaPm9ncEIHRDHFlL27zi48VutOG+yxtpCPn8b69rQ83Ldmaj6iqWbc
gAw0ahEwj0TmgFXOc9bPPCiE3Va4p5hLI7bnE6sXtiOevrA5lrLrn6GEhnN/9GgCF2TAoVTJvqvD
eGFo1ChAtA==</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </saml2p:Status>
  <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                   ID="_39d61a1660ab49b7f7b3b3bb88b962e6"
                   IssueInstant="2021-08-25T08:49:14.248Z"
                   Version="2.0">
    <saml2:Issuer>https://gluu-server/idp/shibboleth</saml2:Issuer>
    <saml2:Subject>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData Address="10.20.228.2"
                                       InResponseTo="ONELOGIN_fa9018f6a03dcba1573e7d2767af736bc3b5df39"
                                       NotOnOrAfter="2021-08-25T08:54:14.392Z"
                                       Recipient="http://nextcloud-instance:8080/apps/user_saml/saml/acs" />
      </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:Conditions NotBefore="2021-08-25T08:49:14.248Z" NotOnOrAfter="2021-08-25T08:54:14.248Z">
      <saml2:AudienceRestriction>
        <saml2:Audience>http://nextcloud-instance:8080/apps/user_saml/saml/metadata</saml2:Audience>
      </saml2:AudienceRestriction>
    </saml2:Conditions>
    <saml2:AuthnStatement AuthnInstant="2021-08-25T08:49:13.710Z" SessionIndex="_d6577f246902375ee0c6135499515599">
      <saml2:SubjectLocality Address="10.20.228.2" />
      <saml2:AuthnContext>
        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
      </saml2:AuthnContext>
    </saml2:AuthnStatement>
    <saml2:AttributeStatement>
      <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3"
                       NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml2:AttributeValue>some.email@example.com</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1"
                       NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml2:AttributeValue>usertst</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241"
                       NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml2:AttributeValue>Test User</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>
```

But the error on the Nextcloud side is still the same. I suppose that it is due to improper naming of the `Name` attribute: `FriendlyName` is ok, and `Name` should be the same. Nextcloud log fragment:

```
{"reqId":"RrjH0rmUdY6IMCD430ZS","level":4,"time":"2021-08-25T08:49:16+00:00","remoteAddr":"10.20.228.2","user":"--","app":"user_saml","method":"POST","url":"/apps/user_saml/saml/acs","message":"IDP parameter for the UID not found. Possible parameters are: [\"urn:oid:0.9.2342.19200300.100.1.3\",\"urn:oid:0.9.2342.19200300.100.1.1\",\"urn:oid:2.16.840.1.113730.3.1.241\"]","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0","version":"21.0.4.1"}
```

So I changed the bind parameter on the Nextcloud side from `uid` to `urn:oid:0.9.2342.19200300.100.1.1` and it works for me. Is there a better way to achieve proper functioning of the integration?

Additionally, I observed that after making the integration successful, the whole SSO process is slow: I have to wait for the login form for about 30 seconds. I would like to thank you very much for the quick and helpful guidance.
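The two checks that resolved this thread, as an added example that is not code from the thread, from Nextcloud or from Gluu: the UID mapping in the `user_saml` log is looked up by the Attribute `Name` (the OID URN), not by `FriendlyName`, which is why `uid` fails and `urn:oid:0.9.2342.19200300.100.1.1` succeeds; and the Audience must equal the SP entityID exactly, the first thing the staff reply above asked to compare. The sample response is constructed from the one posted above, with the signature omitted; a real SP verifies the signature before reading any of these values.

```python
"""Inspect a SAML 2.0 Response the way an SP's attribute mapping does."""
import xml.etree.ElementTree as ET

NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample modelled on the response posted in the thread.
# The ds:Signature element is left out; verify it before trusting anything below.
SAMPLE_RESPONSE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="http://nextcloud-instance:8080/apps/user_saml/saml/acs" Version="2.0">
  <saml2:Assertion Version="2.0">
    <saml2:Conditions>
      <saml2:AudienceRestriction>
        <saml2:Audience>http://nextcloud-instance:8080/apps/user_saml/saml/metadata</saml2:Audience>
      </saml2:AudienceRestriction>
    </saml2:Conditions>
    <saml2:AttributeStatement>
      <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3">
        <saml2:AttributeValue>some.email@example.com</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1">
        <saml2:AttributeValue>usertst</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241">
        <saml2:AttributeValue>Test User</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>"""


def attributes_by_name(xml_text):
    """Map Attribute Name -> list of values. Name, not FriendlyName, is the key,
    so the keys are exactly the 'Possible parameters' the user_saml log lists."""
    root = ET.fromstring(xml_text)
    result = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml2:AttributeValue", NS)]
        result[attr.get("Name")] = values
    return result


def friendly_to_name(xml_text):
    """FriendlyName -> Name, to translate a mapping like 'uid' into its OID form."""
    root = ET.fromstring(xml_text)
    return {a.get("FriendlyName"): a.get("Name")
            for a in root.iterfind(".//saml2:Attribute", NS) if a.get("FriendlyName")}


def resolve_uid(xml_text, uid_mapping):
    """Return the UID value for the configured mapping, or None when no Attribute
    Name matches (the 'IDP parameter for the UID not found' case)."""
    values = attributes_by_name(xml_text).get(uid_mapping) or []
    return values[0] if values else None


def audience_matches(xml_text, sp_entity_id):
    """True only on an exact Audience match: 'nextcloud-instance' and
    'nextcloud-instance:8080' are different entityIDs to the IDP."""
    root = ET.fromstring(xml_text)
    return sp_entity_id in [a.text for a in root.iterfind(".//saml2:Audience", NS)]
```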

By Aliaksandr Samuseu staff 25 Aug 2021 at 4:35 a.m. CDT

> that it is due to improper naming the Name attribute - FriendlyName is ok, and Name should be the same.

Yep, I actually anticipated this to happen :)

> So i changed bind pameter on the Nextcloud side from uid to urn:oid:0.9.2342.19200300.100.1.1 - it works for me.

Great, glad it worked finally. Good job, really, you've officially completed a crash course on Outbound SAML troubleshooting here ;)

> And additionally I observed that after making integration successful, whole SSO process is slow - I've to wait for login form for about 30 seconds.

We have a similar report from another user already, and are currently looking into it. Still, thank you for the heads up; hopefully we'll find the cause of it soon.