Nextcloud user_saml https://github.com/nextcloud/user_saml depends on the TXmlHelper.php function, whose execution is dropped by Snuffleupagus configuration in ghcr.io/hoellen/nextcloud:33 docker image.
{"reqId":"1ANWj8cg8KJt139qrKvW","level":3,"time":"2026-06-17T03:05:56+00:00","remoteAddr":"172.20.0.5","user":"--","app":"PHP","method":"POST","url":"/apps/user_saml/saml/acs","scriptName":"/index.php","message":"[snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'libxml_set_external_entity_loader' at /nextcloud/apps2/user_saml/lib/Helper/TXmlHelper.php#16","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36","version":"33.0.3.2","data":{"app":"PHP"},"id":"6a320f16a181e"}
I was able to get it working by adding
sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/apps2/user_saml/lib/Helper/TXmlHelper.php").allow();
The the following code block
# Nextcloud inherently enables XXE-Protection since 27.0.1, therefore, drop setting a new external entity loader sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/lib/base.php").allow(); sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/apps2/user_saml/lib/Helper/TXmlHelper.php").allow(); sp.disable_function.function("libxml_set_external_entity_loader").drop();
Given the nature of the apps2 folder having the potential to be named differently, is this an exclusion you would be able to add to the stock config?
Nextcloud user_saml https://github.com/nextcloud/user_saml depends on the TXmlHelper.php function, whose execution is dropped by Snuffleupagus configuration in ghcr.io/hoellen/nextcloud:33 docker image.
{"reqId":"1ANWj8cg8KJt139qrKvW","level":3,"time":"2026-06-17T03:05:56+00:00","remoteAddr":"172.20.0.5","user":"--","app":"PHP","method":"POST","url":"/apps/user_saml/saml/acs","scriptName":"/index.php","message":"[snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'libxml_set_external_entity_loader' at /nextcloud/apps2/user_saml/lib/Helper/TXmlHelper.php#16","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36","version":"33.0.3.2","data":{"app":"PHP"},"id":"6a320f16a181e"}I was able to get it working by adding
sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/apps2/user_saml/lib/Helper/TXmlHelper.php").allow();The the following code block
# Nextcloud inherently enables XXE-Protection since 27.0.1, therefore, drop setting a new external entity loader sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/lib/base.php").allow(); sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/apps2/user_saml/lib/Helper/TXmlHelper.php").allow(); sp.disable_function.function("libxml_set_external_entity_loader").drop();Given the nature of the apps2 folder having the potential to be named differently, is this an exclusion you would be able to add to the stock config?