Regression ? upgrade to 2.2.0 via market makes it unable to login with OpenID #283

Open
nodens opened this issue Feb 1, 2023 · 4 comments

Comments

@nodens

nodens commented Feb 1, 2023

Hi,

We tried upgrading openidconnect on a test instance from 2.1.1 to 2.2.0.

Owncloud version: 10.11.0.6 (community).
PHP version: 7.4

We have a minimalist configuration, with keycloak as idp, set in DB.

Values set:
provider-url
client-id
client-secret
loginButtonName

After upgrading from market and logging out, trying to log back in gives "Access Forbidden":
Screenshot from 2023-02-01 15-49-18

The log doesn't show anything wrong, and according to keycloak, access was granted properly.

Downgrading to 2.1.1 makes it functional again.

Am I missing something here? Any suggestion?

Thanks!

@DeepDiver1975
Member

"raise" log level to debug - value 0 in config.php - then you should see more entries in the log.

@nodens
Author

nodens commented Feb 2, 2023

Thanks!

I'm afraid it was already at 0 in owncloud/config/config.php though.
I see exactly the same log entries as with 2.1.1 but it stops earlier.

With 2.2.0, after authenticating on the IDP, after the "message": "LoginFlowController::login : Token info" log entry, I get a message with the user info which seems to be correct, and then nothing. (app: OpenID). The "access forbidden" message shows up in the browser, but nothing in the logs.

With 2.1.1, after this message, I get log entries from the OC\\Authentication\\Token\\DefaultTokenProvider::generateToken app saying generating token, then app: OpenID continues with messages such as access token payload, RefreshTokenResponse, and so on.

I can provide the actual logs if you're interested, but I'd need a pgp key to encrypt it or at least a private channel. ;)

@nodens
Author

nodens commented Dec 20, 2023

Adding a bit more info, since it's annoying to downgrade every time I upgrade owncloud now that openid is bundled:
As far as I can tell, the return is correct, but I always get a 403 (sometimes a 503) with 2.2.0.
I'll try to git bisect to get more insight, but since there is no log (and no crash on owncloud side) it's a bit hard to debug.

@nodens
Author

nodens commented Dec 21, 2023

So the result of the git bisect is that the problem occurs since either
[783202d] feat: account info auto-update (#222)
[2a569b3] feat: Added support for HTTP Proxy (#237)

But those don't give the exact behaviour described in this issue: they give a 500 instead when I log on to our IDP (keycloak).
The actual issue starts at [94fcbc3]

Hope this helps!
