New users can't login (register?) #453

Closed
Thatoo opened this issue Apr 20, 2024 · 17 comments

@Thatoo

Thatoo commented Apr 20, 2024

Describe the bug

Old users can connect to synapse thanks to the Element app and CAS.
Newly created users can't log in thanks to CAS.

Context

  • Hardware: Old laptop or computer
  • YunoHost version: 11.2.11.2
  • I have access to my server: Through SSH | through the webadmin | direct access via keyboard / screen
  • Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
  • Using, or trying to install package version/branch: 1.104.0~ynh1
  • If upgrading, current package version: 1.104.0~ynh1

Steps to reproduce

Create a new user.
Connect to SSO with this user.
Go to app.element.io
Choose our synapse server address
Click on "Continue with CAS"
Reach to the SSO screen

Expected behavior

Be redirected to an url like /_matrix/client/r0/login/cas/ticket?redirectUrl= as it is the case for old accounts who have already used synapse server in the past.

Logs

In the logs, I can see this when I attempt to log in with a new account:

2024-04-20 10:43:52,656 - synapse.rest.client.login - 677 - INFO - GET-10- Redirecting to https://matrix.DOMAINE.NAME/_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAINE.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F
2024-04-20 10:43:52,656 - synapse.access.http.8008 - 472 - INFO - GET-10- 10.0.242.87 - 8008 - {None} Processed request: 0.001sec/-0.000sec (0.000sec, 0.000sec) (0.000sec/0.000sec/0) 0B 302 "GET /_matrix/client/v3/login/sso/redirect/cas?redirectUrl=https%3A%2F%2Fapp.element.io%2F&org.matrix.msc3824.action=login HTTP/1.0" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" [0 dbevts]
2024-04-20 10:43:57,005 - synapse.federation.sender - 1019 - INFO - wake_destinations_needing_catchup-2- Destination public.cat has outstanding catch-up, waking up.
2024-04-20 10:44:02,007 - synapse.federation.sender - 1019 - INFO - wake_destinations_needing_catchup-2- Destination public.cat has outstanding catch-up, waking up.
2024-04-20 10:44:07,008 - synapse.federation.sender - 1019 - INFO - wake_destinations_needing_catchup-2- Destination public.cat has outstanding catch-up, waking up.

and this when I log in with an old account:

2024-04-20 10:46:39,604 - synapse.rest.client.login - 677 - INFO - GET-21- Redirecting to https://matrix.DOMAINE.NAME/_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAINE.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F
2024-04-20 10:46:39,605 - synapse.access.http.8008 - 472 - INFO - GET-21- 10.0.242.87 - 8008 - {None} Processed request: 0.001sec/-0.000sec (0.000sec, 0.000sec) (0.000sec/0.000sec/0) 0B 302 "GET /_matrix/client/v3/login/sso/redirect/cas?redirectUrl=https%3A%2F%2Fapp.element.io%2F&org.matrix.msc3824.action=login HTTP/1.0" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" [0 dbevts]
2024-04-20 10:46:46,469 - synapse.http.client - 426 - INFO - GET-22- Received response to GET https://matrix.DOMAINE.NAME/_matrix/cas_server.php/proxyValidate?ticket=4a39ce2bde831b79060d6bf50682a8ed2cdf9d0d3a12aeb9aba01066821d474bba3b1572be160a6d5ed2a1a59e72a4980c79&service=https%3A%2F%2Fmatrix.DOMAINE.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F: 200
2024-04-20 10:46:46,473 - synapse.handlers.sso - 374 - INFO - GET-22- Found existing mapping for IdP 'cas' and remote_user_id 'USER': @USER:DOMAINE.NAME
2024-04-20 10:46:46,492 - synapse.access.http.8008 - 472 - INFO - GET-22- 10.0.242.87 - 8008 - {None} Processed request: 0.047sec/-0.000sec (0.017sec, 0.002sec) (0.002sec/0.009sec/4) 13948B 200 "GET /_matrix/client/r0/login/cas/ticket?redirectUrl=https://app.element.io/&ticket=4a39ce2bde831b79060d6bf50682a8ed2cdf9d0d3a12aeb9aba01066821d474bba3b1572be160a6d5ed2a1a59e72a4980c79 HTTP/1.0" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" [0 dbevts]
2024-04-20 10:46:46,622 - synapse.access.http.8008 - 472 - INFO - GET-23- 10.0.242.87 - 8008 - {None} Processed request: 0.007sec/-0.000sec (0.001sec, 0.001sec) (0.001sec/0.003sec/2) 2834B 200 "GET /_matrix/media/v1/thumbnail/DOMAINE.NAME/ZFwtqLGXOCBezgCJpwvEEcnd?width=64&height=64&method=crop HTTP/1.0" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" [0 dbevts]
2024-04-20 10:46:46,895 - synapse.storage.databases.main.event_push_actions - 1321 - INFO - rotate_notifs-9- Rotating notifications
2024-04-20 10:46:46,898 - synapse.storage.databases.main.event_push_actions - 1525 - INFO - rotate_notifs-9- Rotating notifications up to: 44483
2024-04-20 10:46:46,902 - synapse.storage.databases.main.event_push_actions - 1611 - INFO - rotate_notifs-9- Rotating notifications, handling 0 rows
2024-04-20 10:46:46,910 - synapse.storage.databases.main.event_push_actions - 1696 - INFO - rotate_notifs-9- Rotating notifications, deleted 0 push actions
2024-04-20 10:46:47,003 - synapse.federation.sender - 1019 - INFO - wake_destinations_needing_catchup-5- Destination public.cat has outstanding catch-up, waking up.
2024-04-20 10:46:47,007 - synapse.handlers.presence - 913 - INFO - persist_presence_changes-3- Persisting 1 unpersisted presence updates
2024-04-20 10:46:47,057 - synapse.util.caches.lrucache - 218 - INFO - LruCache._expire_old_entries-9- Dropped 0 items from caches
2024-04-20 10:46:47,096 - synapse.storage.databases.main.metrics - 399 - INFO - generate_user_daily_visits-0- Calling _generate_user_daily_visits
@Josue-T

Josue-T commented Apr 20, 2024

Thanks for reporting the issue. I can't reproduce the issue on my side so it's a bit more complex.

What is the result of grep '# LDAP Filter anonymous user Applied' /opt/yunohost/matrix-synapse/lib/python3.9/site-packages/ldap_auth_provider.py ?

@Thatoo
Author

Thatoo commented Apr 20, 2024

:~ $ sudo grep -A 10 '# LDAP Filter anonymous user Applied' /opt/yunohost/matrix-synapse/lib/python3.9/site-packages/ldap_auth_provider.py
        # LDAP Filter anonymous user Applied
        ldap_config = _LdapConfig(
            enabled=config.get("enabled", False),
            mode=LDAPMode.SEARCH
            if config.get("mode", "simple") == "search"
            else LDAPMode.SIMPLE,
            uri=config["uri"],
            start_tls=config.get("start_tls", False),
            tls_options=config.get("tls_options"),
            validate_cert=config.get("validate_cert", True),
            base=config["base"],


@Josue-T

Josue-T commented Apr 20, 2024

And grep _matrix/cas_server.php /var/log/nginx/*-access.log ?

@Thatoo
Author

Thatoo commented Apr 20, 2024

:~ $ sudo grep _matrix/cas_server.php /var/log/nginx/matrix.DOMAIN.NAME-access.log
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:04:15 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:14:43 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - USER1 [20/Apr/2024:10:15:39 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
::1 - - [20/Apr/2024:10:15:39 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=a898e7d0578f35172474d240c15602bfac9c4c3b861249d373dbc2e02223f8d4d24bd01e3faeedc84321c722743dc774088b&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"
XXX.XXX.XXX.XXX - USER1 [20/Apr/2024:10:17:20 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
::1 - - [20/Apr/2024:10:17:20 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=483073aa23bd5c88683cb566da434565db741e3c961489e1b5aa2cfa7c1623864ce9bf0bd870cf489909c404e9edd9f8c9b2&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"
XXX.XXX.XXX.XXX - USER2 [20/Apr/2024:10:22:12 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
::1 - - [20/Apr/2024:10:22:13 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=9c6bd4a9fe9751113a6d926abc2f1b3d2c12df484ae6b830d325bbe0f0fee50755c44da86df59edf3064b02c3d8bad91e264&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 385 "-" "Synapse/1.104.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:23:28 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:33:05 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:33:13 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fapp.element.io%2F&sso_login=7DE8288312186CFA8B14CBEFE292CD2F9EF3E4CADF4407816A9F987AB8A3EF8C516620A5CBA4705B4FE5DB05EE7CC7578F3E04EC94A1BECB0AB85DBF59753878 HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:33:13 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https://app.element.io/ HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:33:40 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fapp.element.io%2F&sso_login=25CD14A13F77241A40551D2FD71CCEF9947971E50CCC2F67C79729E17E661D61EFAA3C5A2385EE3BAF0947F19C1848AC37EAE7AADD8BC88483E973D43A59C3C9 HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - USER1 [20/Apr/2024:10:33:40 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https://app.element.io/ HTTP/2.0" 302 0 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
::1 - - [20/Apr/2024:10:33:40 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=def69e70e129a6dedb10d0f6dd8c73d281ad254cf6bdb4c0695694a38600194a773546ac02357a6dd898a6fc7ec47e491adc&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:43:52 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:44:03 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fapp.element.io%2F&sso_login=6B0BB36C2CE59B45CB2F3531FF8898F3763CA5705F6827550DAF1AAEB5661204A87E365C2DEBF08DA940C8070710B72465E9577EA8EBBC14F4F49810A8657F93 HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:44:03 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https://app.element.io/ HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:46:39 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:46:46 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fapp.element.io%2F&sso_login=5326C463A78D479089D4668536C9ADEAA730B4D97C3C6E427113FBE78B631D0F33527D322F706658C0C44B9C9C621624EB1734062851D38651FA85E1CAD6AE63 HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - USER1 [20/Apr/2024:10:46:46 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https://app.element.io/ HTTP/2.0" 302 0 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
::1 - - [20/Apr/2024:10:46:46 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=4a39ce2bde831b79060d6bf50682a8ed2cdf9d0d3a12aeb9aba01066821d474bba3b1572be160a6d5ed2a1a59e72a4980c79&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"
YYY.YYY.YYY.YYY - - [20/Apr/2024:11:58:46 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
YYY.YYY.YYY.YYY - - [20/Apr/2024:11:59:46 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fapp.element.io%2F&sso_login=E5BC654E73B8670C9D0E7D023E66292B321A01B7FDB28164ACB346BB84EC3149980A37469C84E90A2C058E9306E1D1D9A03A589E5F775A14A3B0F9B4E3DB3705 HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
YYY.YYY.YYY.YYY - USER1 [20/Apr/2024:11:59:47 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https://app.element.io/ HTTP/2.0" 302 0 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
::1 - - [20/Apr/2024:11:59:48 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=ed8867f98ee6664f0f52fb4b59ad1039eb95ab6b4cdedb27d8d98393fe263cdb018eb970f6cd927ae79e029529d681680ff8&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"
YYY.YYY.YYY.YYY - USER1 [20/Apr/2024:12:18:11 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
::1 - - [20/Apr/2024:12:18:11 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=c583d2b530125b19e380a721503645da94ed5863ea53336f330fed78f9a8974b24f27c300ff36b3af0ee0b7f63c471dc5535&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"

USER1 and USER2 are two old users who have a matrix account from before the update.
I could not find any username of a new user (post update).

@Josue-T

Josue-T commented Apr 20, 2024

Reach to the SSO screen

Do you mean on domain.tld/yunohost/sso ?

@Thatoo
Author

Thatoo commented Apr 20, 2024

Exactly.
An old user is redirected, as expected, to domain.tld/_matrix/client/r0/login/cas/ticket?redirectUrl=xxxxxxxx
A new user is redirected to domain.tld/yunohost/sso

@Josue-T

Josue-T commented Apr 20, 2024

Are you sure that the user has permission to access synapse (with yunohost user permission list synapse)?

(Note: we can discuss on Matrix, it might be easier.)

@Thatoo
Author

Thatoo commented Apr 20, 2024

~ $ sudo yunohost user permission list synapse
permissions: 
  synapse.admin_api: 
    allowed: 
      - admins
      - visitors
  synapse.main: 
    allowed: all_users
  synapse.server_api: 
    allowed: visitors
  synapse.server_client_infos: 
    allowed: visitors

@Josue-T

Josue-T commented Apr 20, 2024

If you try this from the new user https://domain.tld/_matrix/cas_server.php what is the result ? And what is nginx log that you have related to this request ?

@Thatoo
Author

Thatoo commented Apr 20, 2024

https://domain.tld/_matrix/cas_server.php redirects the new user to https://domain.tld/yunohost/sso

Well actually it's the same for old users also.

The log I mentioned wasn't the nginx log but tail -f /var/log/matrix-synapse/homeserver.log

@Josue-T

Josue-T commented Apr 20, 2024

Well, I think if there is a redirection to the yunohost sso it's more an issue on the nginx/sso side than on synapse; that's why I would like the nginx log, to understand why there is this redirection. Can you also share the content of /etc/ssowat/conf.json and /etc/ssowat/conf.json.persistent?

@Thatoo
Author

Thatoo commented Apr 21, 2024

sudo cat /etc/ssowat/conf.json
{
    "additional_headers": {
        "Auth-User": "uid",
        "Email": "mail",
        "Name": "cn",
        "Remote-User": "uid"
    },
    "domains": [
        "domain2.tld",
        "domain.tld",
        "USER1.domain.tld",
        "USER2.domain.tld",
        "gdev.domain.tld",
        "matrix.domain.tld",
        "admin.matrix.domain.tld",
        "domain3.tld",
        "borgserver.domain3.tld"
    ],
    "permissions": {
        "core_skipped": {
            "auth_header": false,
            "label": "Core permissions - skipped",
            "public": true,
            "show_tile": false,
            "uris": [
                "domain2.tld/yunohost/admin",
                "domain.tld/yunohost/admin",
                "USER1.domain.tld/yunohost/admin",
                "USER2.domain.tld/yunohost/admin",
                "gdev.domain.tld/yunohost/admin",
                "matrix.domain.tld/yunohost/admin",
                "admin.matrix.domain.tld/yunohost/admin",
                "domain3.tld/yunohost/admin",
                "borgserver.domain3.tld/yunohost/admin",
                "domain2.tld/yunohost/api",
                "domain.tld/yunohost/api",
                "USER1.domain.tld/yunohost/api",
                "USER2.domain.tld/yunohost/api",
                "gdev.domain.tld/yunohost/api",
                "matrix.domain.tld/yunohost/api",
                "admin.matrix.domain.tld/yunohost/api",
                "domain3.tld/yunohost/api",
                "borgserver.domain3.tld/yunohost/api",
                "re:^[^/]/502%.html$",
                "re:^[^/]*/%.well%-known/ynh%-diagnosis/.*$",
                "re:^[^/]*/%.well%-known/acme%-challenge/.*$",
                "re:^[^/]*/%.well%-known/autoconfig/mail/config%-v1%.1%.xml.*$"
            ],
            "users": []
        },
        "my_webapp__2.main": {
            "auth_header": true,
            "label": "Site de USER1",
            "public": true,
            "show_tile": true,
            "uris": [
                "USER1.domain.tld"
            ],
            "use_remote_user_var_in_nginx_conf": true,
            "users": [
                "USER3",
                "USER4",
                "USER5",
                "USER6",
                "NEWUSER2",
                "USER8",
                "USER9",
                "USER10",
                "USER11",
                "ADMIN1",
                "USER12",
                "USER13",
                "USER2",
                "NEWUSER1",
                "USER7"
            ]
        },
        "piwigo.main": {
            "auth_header": true,
            "label": "Galerie de USER2",
            "public": true,
            "show_tile": true,
            "uris": [
                "USER2.domain.tld"
            ],
            "use_remote_user_var_in_nginx_conf": true,
            "users": [
                "USER3",
                "USER4",
                "USER5",
                "USER6",
                "NEWUSER2",
                "USER8",
                "USER9",
                "USER10",
                "USER11",
                "ADMIN1",
                "USER12",
                "USER13",
                "USER2",
                "NEWUSER1",
                "USER7"
            ]
        },
        "synapse-admin.main": {
            "auth_header": true,
            "label": "Synapse Admin",
            "public": false,
            "show_tile": true,
            "uris": [
                "admin.matrix.domain.tld"
            ],
            "use_remote_user_var_in_nginx_conf": false,
            "users": [
                "ADMIN1"
            ]
        },
        "synapse.admin_api": {
            "auth_header": false,
            "label": "Synapse (Server administration API.)",
            "public": true,
            "show_tile": false,
            "uris": [
                "matrix.domain.tld/_synapse"
            ],
            "use_remote_user_var_in_nginx_conf": true,
            "users": [
                "ADMIN1"
            ]
        },
        "synapse.main": {
            "auth_header": true,
            "label": "Synapse",
            "public": false,
            "show_tile": false,
            "uris": [
                "matrix.domain.tld",
                "matrix.domain.tld/_matrix/cas_server.php/login"
            ],
            "use_remote_user_var_in_nginx_conf": true,
            "users": [
                "USER3",
                "USER4",
                "USER5",
                "USER6",
                "NEWUSER2",
                "USER8",
                "USER9",
                "USER10",
                "USER11",
                "ADMIN1",
                "USER12",
                "USER13",
                "USER2",
                "NEWUSER1",
                "USER7"
            ]
        },
        "synapse.server_api": {
            "auth_header": false,
            "label": "Synapse (Server access for client apps.)",
            "public": true,
            "show_tile": false,
            "uris": [
                "matrix.domain.tld/_matrix"
            ],
            "use_remote_user_var_in_nginx_conf": true,
            "users": []
        },
        "synapse.server_client_infos": {
            "auth_header": false,
            "label": "Synapse (Server info for clients. (well-known))",
            "public": true,
            "show_tile": false,
            "uris": [
                "domain.tld/.well-known/matrix"
            ],
            "use_remote_user_var_in_nginx_conf": true,
            "users": []
        }
    },
    "portal_domain": "domain.tld",
    "portal_path": "/yunohost/sso/",
    "redirected_regex": {
        "domain.tld/yunohost[\\/]?$": "https://domain.tld/yunohost/sso/"
    },
    "redirected_urls": {},
    "theme": "default"
}

sudo cat /etc/ssowat/conf.json.persistent
{
    "permissions": {
        "custom_protected": {
            "auth_header": true, 
            "label": "Custom permissions - protected", 
            "public": false, 
            "show_tile": false, 
            "uris": [
                "matrix.domain.tld/_matrix/cas_server.php/login"
            ], 
            "users": [
                "USER1", 
                "ADMIN1", 
                "USER2", 
                "USER4",
                "USER5",
                "USER5",
                "USER6",
                "USER7"
            ]
        }, 
        "custom_skipped": {
            "auth_header": false, 
            "label": "Custom permissions - skipped", 
            "public": true, 
            "show_tile": false, 
            "uris": [
                "matrix.domain.tld/_matrix", 
                "domain.tld/.well-known/matrix/"
            ], 
            "users": []
        }
    }, 
    "redirected_urls": {
    }
}

I notice that NEWUSER1 and NEWUSER2 are not listed in /etc/ssowat/conf.json.persistent

"permissions": {
        "custom_protected": {
            "users": [
            ]
        }, 
}

and also some old users aren't listed either. Maybe I'll try (if I can) whether those old user accounts can connect or not.

@Thatoo
Author

Thatoo commented Apr 21, 2024

Indeed, if I try to log in to app.element.io with CAS on matrix.domain.tld with one of the old user accounts not listed in /etc/ssowat/conf.json.persistent:

"permissions": {
        "custom_protected": {
            "users": [
            ]
        }, 
}

it doesn't work either.

I'd like to add also the fact that in /etc/ssowat/conf.json.persistent :

{
    "permissions": {
    "redirected_urls": {
    }
}

are actually listed two very old redirections unused today (I removed them before copy/paste).

So it sounds like /etc/ssowat/conf.json.persistent is very much not up to date.

@Josue-T

Josue-T commented Apr 21, 2024

Well, it depends. For a long time now synapse hasn't managed this file. So either you have a really old install and there are still some dirty things linked to the history, or you did a customization.

@Thatoo
Author

Thatoo commented Apr 21, 2024

I have a very old installation I guess but no customization.

What should I do?

Can I delete /etc/ssowat/conf.json.persistent and ask yunohost to recreate one?

Well actually, if synapse doesn't manage it anymore, I guess yunohost won't generate any, as everything is related to synapse in it except

{
    "permissions": {
    "redirected_urls": {
    }
}

which are also very old redirections unused today anyway.

So it sounds like an unnecessary heritage.

@Josue-T

Josue-T commented Apr 21, 2024

No, the /etc/ssowat/conf.json.persistent config file is explicitly made for customization, so yunohost won't manage it. The only reason this file was modified by synapse is that, before permissions existed, there was no way to do what we needed, so we used this file, but it was like a hack. But for a long time now it hasn't been managed by anything.

If you don't need any customization you can just put {} in this file; it will be enough.

@Thatoo
Author

Thatoo commented Apr 21, 2024

Thank you @Josue-T .
I did that and it solved this issue!

@Thatoo Thatoo closed this as completed Apr 21, 2024
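
An added example, not part of the thread and not YunoHost or SSOwat code: a read-only audit that lists every URI declared in both /etc/ssowat/conf.json and /etc/ssowat/conf.json.persistent and diffs the two user lists, which is the mismatch noticed in this issue. The sample data is constructed from the thread's placeholders; the function and field names are assumptions of this example, and how SSOwat itself chooses between overlapping entries is not modelled.

```python
import json

# Constructed sample data, shaped like the two files quoted in the thread
# (user and domain names are the thread's own placeholders).
GENERATED = json.loads("""
{"permissions": {
  "synapse.main": {"public": false,
    "uris": ["matrix.domain.tld", "matrix.domain.tld/_matrix/cas_server.php/login"],
    "users": ["ADMIN1", "USER2", "NEWUSER1", "NEWUSER2"]},
  "synapse.server_api": {"public": true,
    "uris": ["matrix.domain.tld/_matrix"], "users": []},
  "synapse.server_client_infos": {"public": true,
    "uris": ["domain.tld/.well-known/matrix"], "users": []}
}}
""")
PERSISTENT = json.loads("""
{"permissions": {
  "custom_protected": {"public": false,
    "uris": ["matrix.domain.tld/_matrix/cas_server.php/login"],
    "users": ["USER1", "ADMIN1", "USER2"]},
  "custom_skipped": {"public": true,
    "uris": ["matrix.domain.tld/_matrix", "domain.tld/.well-known/matrix/"],
    "users": []}
}}
""")


def _index_by_uri(conf):
    """Map each literal URI to the (name, permission) pairs that declare it."""
    index = {}
    for name, perm in conf.get("permissions", {}).items():
        for uri in perm.get("uris", []):
            if uri.startswith("re:"):
                continue  # regex entries cannot be compared by string equality
            index.setdefault(uri.rstrip("/"), []).append((name, perm))
    return index


def audit(generated, persistent):
    """Report every URI declared in both files and how the two entries differ."""
    gen_index = _index_by_uri(generated)
    findings = []
    for uri, entries in _index_by_uri(persistent).items():
        for p_name, p_perm in entries:
            for g_name, g_perm in gen_index.get(uri, []):
                p_public = bool(p_perm.get("public"))
                g_public = bool(g_perm.get("public"))
                p_users = set(p_perm.get("users", []))
                g_users = set(g_perm.get("users", []))
                both_private = not p_public and not g_public
                findings.append({
                    "uri": uri,
                    "persistent": p_name,
                    "generated": g_name,
                    # Allowed by the managed permission, absent from the override:
                    "locked_out": sorted(g_users - p_users) if both_private else [],
                    # Named only in the hand-maintained file (possibly stale grants):
                    "only_in_persistent": sorted(p_users - g_users) if both_private else [],
                    "exposure": ("same" if p_public == g_public
                                 else "persistent_opens" if p_public
                                 else "persistent_restricts"),
                })
    return findings


def load(path):
    """Read one of the two JSON files from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # On a real host: audit(load("/etc/ssowat/conf.json"),
    #                       load("/etc/ssowat/conf.json.persistent"))
    for finding in audit(GENERATED, PERSISTENT):
        print(json.dumps(finding))
```

An empty `{}` persistent file, the fix applied in the thread, yields no findings; a `persistent_opens` result is the case worth reviewing first, since it marks a hand-maintained entry that makes a managed, restricted URI public.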