SSO login fails with no session available
JesseKPhillips commented
Steps to reproduce
I am hosting Synapse and Nextcloud on the same server with Nextcloud providing OIDC.
- Configure Synapse in a sub-domain but present without sub-domain
- Configure an OIDC
- Login with SSO
- Login to other locations with SSO - 2 maybe 3, I had 4.
- Within the app, go to privacy -> Sessions
- Attempt to log-out a session
- You'll be prompted to login to verify identity, do so
- chat.<homeserver> - Points to Synapse Docker instance port 8008
- matrix-fed.<homeserver> - Points to Synapse Docker instance port 8008
- cloud.<homeserver> - Points to Nextcloud instance
- <homeserver>/_matrix/ - Points to Synapse Docker instance 8008
- <homeserver>/_synapse/ - Points to Synapse Docker instance 8008
- .well-known/matrix/server - directs to matrix-fed.<homeserver>
- .well-known/matrix/client - directs to chat.<homeserver>
This has all been done to get a successful connection to the federation. Some additional backstory can be found in matrix-org/matrix.org#206 (comment)
server_name: "<homeserver>"
pid_file: /data/homeserver.pid
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
database:
  name: sqlite3
  args:
    database: /data/homeserver.db
log_config: "/data/chat.<homeserver>.log.config"
media_store_path: /data/media_store
registration_shared_secret: "this is the secret I use"
report_stats: true
macaroon_secret_key: "I have special secrets I tell you"
form_secret: "Alright I give, the secret is"
signing_key_path: "/data/chat.<homeserver>.signing.key"
trusted_key_servers:
  - server_name: "<homeserver>"
  - server_name: "chat.<homeserver>"
web_client_location: "https://cloud.<homeserver>/apps/riotchat/#/home"
public_baseurl: "https://chat.<homeserver>/"
password_config:
  enabled: false
sso:
  client_whitelist:
    - "https://cloud.<homeserver>"
    - "https://<homeserver>"
    - "https://chat.<homeserver>" # Ok, I probably don't need this
  update_profile_information: true
oidc_providers:
  - idp_id: nextcloud
    idp_name: "Secret"
    skip_verification: false
    issuer: "https://cloud.<homeserver>"
    client_id: "gah, now you know"
    client_secret: ""
    client_auth_method: "client_secret_post"
    scopes: ["openid", "profile"]
    authorization_endpoint: "https://cloud.<homeserver>/apps/oidc/authorize"
    token_endpoint: "https://cloud.<homeserver>/apps/oidc/token"
    userinfo_endpoint: "https://cloud.<homeserver>/apps/oidc/userinfo"
    jwks_uri: "https://cloud.<homeserver>/apps/oidc/jwks"
Outcome
What did you expect?
The login to be successful and verified, with the session being removed from the active list.
The initial login page should take you to chat.<homeserver>
What happened instead?
The initial login page opens <homeserver>; when you click to log in, it takes you to chat.<homeserver> and presents a page saying that the session is missing.
Your phone model
Samsung A13
Operating system version
Android 11
Application version and app store
Element 1.6.14 G-310cecf5
Homeserver
Synapse 1.105.1
Will you send logs?
No
Are you willing to provide a PR?
No