ahaenggli/AzureAD-LDAP-wrapper

Can't find /app/.cache & ClientAuthError

Shadow1356 opened this issue · 7 comments

Describe the bug
When I start up my Synology RS819+, I get 2 errors in the Docker logs below.

  1. I can't find the /app/.cache file anywhere on my system. Where should I be looking?
  2. It says that it cannot resolve my endpoints? Where should I start to diagnose my problem?

I am on the dev branch on Docker, because I needed a version for the ARM architecture.

Debug Log is attached

_AzureSSO_logs (2).txt

Perhaps you have not configured your Docker container? Error 1 means that you have not mapped the volume. Error 2 means that you probably have not set any environment variables (azure_tenantid, azure_app_id, azure_app_secret, ...).
Did you follow the installation? Printscreens from a NAS (Environments, Port settings, Volume) can be found in step 1 here.

One addition: Error 2 could also indicate that a proxy is in use? If you are using a proxy server, you can set the proxy URL in the environment variable HTTPS_PROXY or HTTP_PROXY (if regular http proxy).

I did set those environment variables. I took the specific ids out of the log I posted, just for security purposes.

How do I map the volume? I couldn't find the cache file.

I am not using a proxy server.

I can check my variables again, but I double checked that I had inputted the correct variables.

Please advise on a next step. Thank you!

You can create an empty folder anywhere on your NAS (often under /docker/, e.g., /docker/ldap).
Edit the Docker container, go to the volume settings, and then select "Add Folder".

Can you try the link (https://login.microsoftonline.com/..../v2.0/.well-known/openid-configuration, copied and pasted from the log file) with your tenantid in a browser? Is the page available?
Does your NAS have access to the Internet? No firewall or similar blocks it?

I got the volume mapping issue based on your suggestions. Thank you.

I'm still struggling with this network stuff. I tried the link just in my browser, and I got this response:

{"token_endpoint":"https://login.microsoftonline.com/TOKEN_I_REMOVED_MANUALLY/oauth2/v2.0/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","client_secret_basic"],"jwks_uri":"https://login.microsoftonline.com/TOKEN_I_REMOVED_MANUALLY/discovery/v2.0/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","id_token token"],"scopes_supported":["openid","profile","email","offline_access"],"issuer":"https://login.microsoftonline.com/TOKEN_I_REMOVED_MANUALLY/v2.0","request_uri_parameter_supported":false,"userinfo_endpoint":"https://graph.microsoft.com/oidc/userinfo","authorization_endpoint":"https://login.microsoftonline.com/TOKEN_I_REMOVED_MANUALLY/oauth2/v2.0/authorize","device_authorization_endpoint":"https://login.microsoftonline.com/TOKEN_I_REMOVED_MANUALLY/oauth2/v2.0/devicecode","http_logout_supported":true,"frontchannel_logout_supported":true,"end_session_endpoint":"https://login.microsoftonline.com/TOKEN_I_REMOVED_MANUALLY/oauth2/v2.0/logout","claims_supported":["sub","iss","cloud_instance_name","cloud_instance_host_name","cloud_graph_host_name","msgraph_host","aud","exp","iat","auth_time","acr","nonce","preferred_username","name","tid","ver","at_hash","c_hash","email"],"kerberos_endpoint":"https://login.microsoftonline.com/TOKEN_I_REMOVED_MANUALLY/kerberos","tenant_region_scope":"NA","cloud_instance_name":"microsoftonline.com","cloud_graph_host_name":"graph.windows.net","msgraph_host":"graph.microsoft.com","rbac_url":"https://pas.windows.net"}

So, my keys work on the Azure side. I think I'm not configuring my network right. I'm doing it in Portainer, because my Synology doesn't support the Docker application that Synology has. Any suggestions? I've tried making a bridge network, and other kinds, but no dice.
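Before concluding that the network is at fault, it is worth checking that the discovery document the browser returned actually belongs to the tenant configured in azure_tenantid and that every endpoint in it is an HTTPS URL on the expected Microsoft hosts. The following script is an added example for this thread, not code from AzureAD-LDAP-wrapper; it runs offline on the pasted JSON, so it says nothing about DNS inside the container. The tenant id and the trimmed discovery document are constructed sample values, and discovery_url reproduces the well-known path shown in the log.

```python
"""Offline sanity check of an Azure AD OpenID Connect discovery document.

Added example for this issue thread; not part of AzureAD-LDAP-wrapper.
"""
import json
from urllib.parse import urlparse

# Hosts a discovery document for the public Azure AD cloud is expected to use.
ALLOWED_HOSTS = {"login.microsoftonline.com", "graph.microsoft.com"}


def discovery_url(tenant_id):
    """The well-known URL the wrapper fetches at startup for a given azure_tenantid."""
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0/.well-known/openid-configuration"


def check_discovery(doc, tenant_id):
    """Return a list of problems found; an empty list means the document looks sane."""
    problems = []
    expected_issuer = f"https://login.microsoftonline.com/{tenant_id}/v2.0"
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer {doc.get('issuer')!r} does not match tenant {tenant_id}")
    # The wrapper authenticates as a confidential client with an app secret,
    # so the token endpoint must accept client_secret_post.
    if "client_secret_post" not in doc.get("token_endpoint_auth_methods_supported", []):
        problems.append("token endpoint does not accept client_secret_post")
    # Every URL the client will contact must be HTTPS on a known Microsoft host,
    # and tenant-scoped endpoints must carry the same tenant id as the issuer.
    for key, value in doc.items():
        if not (key.endswith("_endpoint") or key == "jwks_uri"):
            continue
        url = urlparse(value)
        if url.scheme != "https":
            problems.append(f"{key} is not https: {value}")
        elif url.hostname not in ALLOWED_HOSTS:
            problems.append(f"{key} points at unexpected host {url.hostname}")
        if url.hostname == "login.microsoftonline.com" and not url.path.startswith(f"/{tenant_id}/"):
            problems.append(f"{key} is scoped to a different tenant: {value}")
    return problems


def check_json_text(text, tenant_id):
    """Parse the raw body pasted from the browser, then run the checks."""
    return check_discovery(json.loads(text), tenant_id)


# Constructed sample: a trimmed copy of what the discovery endpoint returns,
# with a made-up tenant id in place of a real one.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
_base = f"https://login.microsoftonline.com/{SAMPLE_TENANT}"
SAMPLE_DOC = {
    "issuer": f"{_base}/v2.0",
    "token_endpoint": f"{_base}/oauth2/v2.0/token",
    "authorization_endpoint": f"{_base}/oauth2/v2.0/authorize",
    "device_authorization_endpoint": f"{_base}/oauth2/v2.0/devicecode",
    "end_session_endpoint": f"{_base}/oauth2/v2.0/logout",
    "kerberos_endpoint": f"{_base}/kerberos",
    "jwks_uri": f"{_base}/discovery/v2.0/keys",
    "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
    "token_endpoint_auth_methods_supported": [
        "client_secret_post", "private_key_jwt", "client_secret_basic"
    ],
    "tenant_region_scope": "NA",
}

if __name__ == "__main__":
    print("fetch:", discovery_url(SAMPLE_TENANT))
    for line in check_discovery(SAMPLE_DOC, SAMPLE_TENANT) or ["discovery document looks sane"]:
        print(line)
```

If this reports no problems for the document you pasted (with your real tenant id in place of the sample), the Azure side is consistent and the remaining suspect is name resolution or outbound access from inside the container, which is what the ping test in the next reply narrows down.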

Sorry, I have no network experience with Portainer so far. Can you start a console directly to the container with Portainer? If yes, you could try it with a ping. First ping a server via IP, e.g. 1.1.1.1. If the ping goes via IP, name resolution/DNS is probably your problem. If pinging an IP doesn't work either, network traffic seems to be not possible at all.

In the docker dev tag, some settings are now checked at startup. Depending on the error, a few details about the network and DNS are also logged. This might help with your issue, if you are still interested in the wrapper.