Closed Thatoo closed 2 months ago
Thanks for reporting the issue. I can't reproduce the issue on my side so it's a bit more complex.
What is the result of grep '# LDAP Filter anonymous user Applied' /opt/yunohost/matrix-synapse/lib/python3.9/site-packages/ldap_auth_provider.py ?
:~ $ sudo grep -A 10 '# LDAP Filter anonymous user Applied' /opt/yunohost/matrix-synapse/lib/python3.9/site-packages/ldap_auth_provider.py
# LDAP Filter anonymous user Applied
ldap_config = _LdapConfig(
enabled=config.get("enabled", False),
mode=LDAPMode.SEARCH
if config.get("mode", "simple") == "search"
else LDAPMode.SIMPLE,
uri=config["uri"],
start_tls=config.get("start_tls", False),
tls_options=config.get("tls_options"),
validate_cert=config.get("validate_cert", True),
base=config["base"],
And grep _matrix/cas_server.php /var/log/nginx/*-access.log ?
:~ $ sudo grep _matrix/cas_server.php /var/log/nginx/matrix.DOMAIN.NAME-access.log
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:04:15 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:14:43 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - USER1 [20/Apr/2024:10:15:39 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
::1 - - [20/Apr/2024:10:15:39 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=a898e7d0578f35172474d240c15602bfac9c4c3b861249d373dbc2e02223f8d4d24bd01e3faeedc84321c722743dc774088b&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"
XXX.XXX.XXX.XXX - USER1 [20/Apr/2024:10:17:20 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
::1 - - [20/Apr/2024:10:17:20 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=483073aa23bd5c88683cb566da434565db741e3c961489e1b5aa2cfa7c1623864ce9bf0bd870cf489909c404e9edd9f8c9b2&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"
XXX.XXX.XXX.XXX - USER2 [20/Apr/2024:10:22:12 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
::1 - - [20/Apr/2024:10:22:13 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=9c6bd4a9fe9751113a6d926abc2f1b3d2c12df484ae6b830d325bbe0f0fee50755c44da86df59edf3064b02c3d8bad91e264&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 385 "-" "Synapse/1.104.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:23:28 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:33:05 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:33:13 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fapp.element.io%2F&sso_login=7DE8288312186CFA8B14CBEFE292CD2F9EF3E4CADF4407816A9F987AB8A3EF8C516620A5CBA4705B4FE5DB05EE7CC7578F3E04EC94A1BECB0AB85DBF59753878 HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:33:13 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https://app.element.io/ HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:33:40 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fapp.element.io%2F&sso_login=25CD14A13F77241A40551D2FD71CCEF9947971E50CCC2F67C79729E17E661D61EFAA3C5A2385EE3BAF0947F19C1848AC37EAE7AADD8BC88483E973D43A59C3C9 HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - USER1 [20/Apr/2024:10:33:40 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https://app.element.io/ HTTP/2.0" 302 0 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
::1 - - [20/Apr/2024:10:33:40 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=def69e70e129a6dedb10d0f6dd8c73d281ad254cf6bdb4c0695694a38600194a773546ac02357a6dd898a6fc7ec47e491adc&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:43:52 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:44:03 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fapp.element.io%2F&sso_login=6B0BB36C2CE59B45CB2F3531FF8898F3763CA5705F6827550DAF1AAEB5661204A87E365C2DEBF08DA940C8070710B72465E9577EA8EBBC14F4F49810A8657F93 HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:44:03 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https://app.element.io/ HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:46:39 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - - [20/Apr/2024:10:46:46 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fapp.element.io%2F&sso_login=5326C463A78D479089D4668536C9ADEAA730B4D97C3C6E427113FBE78B631D0F33527D322F706658C0C44B9C9C621624EB1734062851D38651FA85E1CAD6AE63 HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
XXX.XXX.XXX.XXX - USER1 [20/Apr/2024:10:46:46 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https://app.element.io/ HTTP/2.0" 302 0 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
::1 - - [20/Apr/2024:10:46:46 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=4a39ce2bde831b79060d6bf50682a8ed2cdf9d0d3a12aeb9aba01066821d474bba3b1572be160a6d5ed2a1a59e72a4980c79&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"
YYY.YYY.YYY.YYY - - [20/Apr/2024:11:58:46 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 138 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
YYY.YYY.YYY.YYY - - [20/Apr/2024:11:59:46 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fapp.element.io%2F&sso_login=E5BC654E73B8670C9D0E7D023E66292B321A01B7FDB28164ACB346BB84EC3149980A37469C84E90A2C058E9306E1D1D9A03A589E5F775A14A3B0F9B4E3DB3705 HTTP/2.0" 302 138 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
YYY.YYY.YYY.YYY - USER1 [20/Apr/2024:11:59:47 +0200] "GET /_matrix/cas_server.php/login?service=https://matrix.DOMAIN.NAME/_matrix/client/r0/login/cas/ticket?redirectUrl=https://app.element.io/ HTTP/2.0" 302 0 "https://DOMAIN.NAME/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
::1 - - [20/Apr/2024:11:59:48 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=ed8867f98ee6664f0f52fb4b59ad1039eb95ab6b4cdedb27d8d98393fe263cdb018eb970f6cd927ae79e029529d681680ff8&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"
YYY.YYY.YYY.YYY - USER1 [20/Apr/2024:12:18:11 +0200] "GET /_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
::1 - - [20/Apr/2024:12:18:11 +0200] "GET /_matrix/cas_server.php/proxyValidate?ticket=c583d2b530125b19e380a721503645da94ed5863ea53336f330fed78f9a8974b24f27c300ff36b3af0ee0b7f63c471dc5535&service=https%3A%2F%2Fmatrix.DOMAIN.NAME%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fapp.element.io%252F HTTP/1.1" 200 375 "-" "Synapse/1.104.0"
USER1 and USER2 are two old users who have a matrix account from before the update. I could not find any username of a new user (post update).
Reach to the SSO screen
Do you mean on domain.tld/yunohost/sso ?
Exactly. An old user is redirected, as expected, to domain.tld/_matrix/client/r0/login/cas/ticket?redirectUrl=xxxxxxxx A new user is redirected to domain.tld/yunohost/sso
Are you sure that the user has the permission to access synapse (with yunohost user permission list synapse)?
(note we can discuss with matrix it might be easier)
~ $ sudo yunohost user permission list synapse
permissions:
synapse.admin_api:
allowed:
- admins
- visitors
synapse.main:
allowed: all_users
synapse.server_api:
allowed: visitors
synapse.server_client_infos:
allowed: visitors
If you try this from the new user, https://domain.tld/_matrix/cas_server.php, what is the result? And what is the nginx log that you have related to this request?
https://domain.tld/_matrix/cas_server.php redirects the new user to https://domain.tld/yunohost/sso
Well actually it's the same for old users also.
The log I mention wasn't nginx log but tail -f /var/log/matrix-synapse/homeserver.log
Well, I think if there is a redirection to the yunohost sso it's more an issue on the nginx/sso side than on synapse; that's why I would like the nginx log, to understand why there is this redirection. Can you also share the content of /etc/ssowat/conf.json and /etc/ssowat/conf.json.persistent?
sudo cat /etc/ssowat/conf.json
{
"additional_headers": {
"Auth-User": "uid",
"Email": "mail",
"Name": "cn",
"Remote-User": "uid"
},
"domains": [
"domain2.tld",
"domain.tld",
"USER1.domain.tld",
"USER2.domain.tld",
"gdev.domain.tld",
"matrix.domain.tld",
"admin.matrix.domain.tld",
"domain3.tld",
"borgserver.domain3.tld"
],
"permissions": {
"core_skipped": {
"auth_header": false,
"label": "Core permissions - skipped",
"public": true,
"show_tile": false,
"uris": [
"domain2.tld/yunohost/admin",
"domain.tld/yunohost/admin",
"USER1.domain.tld/yunohost/admin",
"USER2.domain.tld/yunohost/admin",
"gdev.domain.tld/yunohost/admin",
"matrix.domain.tld/yunohost/admin",
"admin.matrix.domain.tld/yunohost/admin",
"domain3.tld/yunohost/admin",
"borgserver.domain3.tld/yunohost/admin",
"domain2.tld/yunohost/api",
"domain.tld/yunohost/api",
"USER1.domain.tld/yunohost/api",
"USER2.domain.tld/yunohost/api",
"gdev.domain.tld/yunohost/api",
"matrix.domain.tld/yunohost/api",
"admin.matrix.domain.tld/yunohost/api",
"domain3.tld/yunohost/api",
"borgserver.domain3.tld/yunohost/api",
"re:^[^/]/502%.html$",
"re:^[^/]*/%.well%-known/ynh%-diagnosis/.*$",
"re:^[^/]*/%.well%-known/acme%-challenge/.*$",
"re:^[^/]*/%.well%-known/autoconfig/mail/config%-v1%.1%.xml.*$"
],
"users": []
},
"my_webapp__2.main": {
"auth_header": true,
"label": "Site de USER1",
"public": true,
"show_tile": true,
"uris": [
"USER1.domain.tld"
],
"use_remote_user_var_in_nginx_conf": true,
"users": [
"USER3",
"USER4",
"USER5",
"USER6",
"NEWUSER2",
"USER8",
"USER9",
"USER10",
"USER11",
"ADMIN1",
"USER12",
"USER13",
"USER2",
"NEWUSER1",
"USER7"
]
},
"piwigo.main": {
"auth_header": true,
"label": "Galerie de USER2",
"public": true,
"show_tile": true,
"uris": [
"USER2.domain.tld"
],
"use_remote_user_var_in_nginx_conf": true,
"users": [
"USER3",
"USER4",
"USER5",
"USER6",
"NEWUSER2",
"USER8",
"USER9",
"USER10",
"USER11",
"ADMIN1",
"USER12",
"USER13",
"USER2",
"NEWUSER1",
"USER7"
]
},
"synapse-admin.main": {
"auth_header": true,
"label": "Synapse Admin",
"public": false,
"show_tile": true,
"uris": [
"admin.matrix.domain.tld"
],
"use_remote_user_var_in_nginx_conf": false,
"users": [
"ADMIN1"
]
},
"synapse.admin_api": {
"auth_header": false,
"label": "Synapse (Server administration API.)",
"public": true,
"show_tile": false,
"uris": [
"matrix.domain.tld/_synapse"
],
"use_remote_user_var_in_nginx_conf": true,
"users": [
"ADMIN1"
]
},
"synapse.main": {
"auth_header": true,
"label": "Synapse",
"public": false,
"show_tile": false,
"uris": [
"matrix.domain.tld",
"matrix.domain.tld/_matrix/cas_server.php/login"
],
"use_remote_user_var_in_nginx_conf": true,
"users": [
"USER3",
"USER4",
"USER5",
"USER6",
"NEWUSER2",
"USER8",
"USER9",
"USER10",
"USER11",
"ADMIN1",
"USER12",
"USER13",
"USER2",
"NEWUSER1",
"USER7"
]
},
"synapse.server_api": {
"auth_header": false,
"label": "Synapse (Server access for client apps.)",
"public": true,
"show_tile": false,
"uris": [
"matrix.domain.tld/_matrix"
],
"use_remote_user_var_in_nginx_conf": true,
"users": []
},
"synapse.server_client_infos": {
"auth_header": false,
"label": "Synapse (Server info for clients. (well-known))",
"public": true,
"show_tile": false,
"uris": [
"domain.tld/.well-known/matrix"
],
"use_remote_user_var_in_nginx_conf": true,
"users": []
}
},
"portal_domain": "domain.tld",
"portal_path": "/yunohost/sso/",
"redirected_regex": {
"domain.tld/yunohost[\\/]?$": "https://domain.tld/yunohost/sso/"
},
"redirected_urls": {},
"theme": "default"
}
sudo cat /etc/ssowat/conf.json.persistent
{
"permissions": {
"custom_protected": {
"auth_header": true,
"label": "Custom permissions - protected",
"public": false,
"show_tile": false,
"uris": [
"matrix.domain.tld/_matrix/cas_server.php/login"
],
"users": [
"USER1",
"ADMIN1",
"USER2",
"USER4",
"USER5",
"USER5",
"USER6",
"USER7"
]
},
"custom_skipped": {
"auth_header": false,
"label": "Custom permissions - skipped",
"public": true,
"show_tile": false,
"uris": [
"matrix.domain.tld/_matrix",
"domain.tld/.well-known/matrix/"
],
"users": []
}
},
"redirected_urls": {
}
}
I notice that NEWUSER1 and NEWUSER2 are not listed in /etc/ssowat/conf.json.persistent
"permissions": {
"custom_protected": {
"users": [
]
},
}
and also some old users aren't listed either. Maybe I'll try (if I can) to see whether those old user accounts can connect or not.
Indeed, if I try to log in to app.element.io with CAS on matrix.domain.tld with one of the old user accounts not listed in /etc/ssowat/conf.json.persistent:
"permissions": {
"custom_protected": {
"users": [
]
},
}
it doesn't work either.
I'd like to add also the fact that in /etc/ssowat/conf.json.persistent:
{
"permissions": {
"redirected_urls": {
}
}
are actually listed two very old redirections unused today (I removed them before copy/paste).
So it sounds like /etc/ssowat/conf.json.persistent is very much not up to date.
Well, it depends. For a long time synapse hasn't managed this file. So either you have a really old install and there are still some dirty things linked to the history, or you did a customization.
I have a very old installation I guess but no customization.
What should I do?
Can I delete /etc/ssowat/conf.json.persistent and ask yunohost to recreate one?
Well actually, if synapse doesn't manage it anymore, I guess yunohost won't generate any, as everything is related to synapse in it except
{
"permissions": {
"redirected_urls": {
}
}
which are also very old redirections unused today anyway.
So it sounds like an unnecessary heritage.
No, the /etc/ssowat/conf.json.persistent config file is explicitly made for customization, so yunohost won't manage it. The only reason this file was modified by synapse is that before the permissions existed there was no way to do what we needed, so we used this file, but it was like a hack. But now, for a long time, it hasn't been managed by anything.
If you don't need any customization you can just put {} in this file; it will be enough.
Thank you @Josue-T . I did that and it solved this issue!
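Added example, not part of the original thread and not YunoHost or SSOwat code: a small audit for the condition found above, where a permission left behind in /etc/ssowat/conf.json.persistent covers the same URI as a generated permission in /etc/ssowat/conf.json but carries an older user list. The function names and the trimmed sample data are constructed for illustration; the script only compares the two files and assumes nothing about how SSOwat merges them.

```python
import json
import sys

# Constructed sample data, trimmed to the shape of the two files quoted in the thread.
GENERATED = json.loads("""{"permissions": {
  "synapse.main": {"public": false,
    "uris": ["matrix.domain.tld", "matrix.domain.tld/_matrix/cas_server.php/login"],
    "users": ["ADMIN1", "USER2", "USER4", "NEWUSER1", "NEWUSER2"]},
  "synapse.server_api": {"public": true,
    "uris": ["matrix.domain.tld/_matrix"], "users": []}}}""")
PERSISTENT = json.loads("""{"permissions": {
  "custom_protected": {"public": false,
    "uris": ["matrix.domain.tld/_matrix/cas_server.php/login"],
    "users": ["USER1", "ADMIN1", "USER2", "USER4"]},
  "custom_skipped": {"public": true,
    "uris": ["matrix.domain.tld/_matrix", "domain.tld/.well-known/matrix/"],
    "users": []}}}""")


def stale_overrides(generated, persistent):
    """List URIs declared in both files whose allowed-user lists differ."""
    owners = {}  # normalised URI -> [(permission name, allowed users)]
    for name, perm in generated.get("permissions", {}).items():
        for uri in perm.get("uris", []):
            entry = (name, set(perm.get("users", [])))
            owners.setdefault(uri.rstrip("/"), []).append(entry)
    findings = []
    for pname, pperm in persistent.get("permissions", {}).items():
        pusers = set(pperm.get("users", []))
        for uri in pperm.get("uris", []):
            for gname, gusers in owners.get(uri.rstrip("/"), []):
                if gusers != pusers:
                    findings.append({
                        "uri": uri,
                        "generated_permission": gname,
                        "persistent_permission": pname,
                        "missing_from_persistent": sorted(gusers - pusers),
                        "only_in_persistent": sorted(pusers - gusers),
                    })
    return findings


def load(path):
    with open(path, encoding="utf-8") as handle:
        return json.load(handle)


if __name__ == "__main__":
    # With two paths, audit real files; otherwise run on the constructed sample.
    if len(sys.argv) == 3:
        generated, persistent = load(sys.argv[1]), load(sys.argv[2])
    else:
        generated, persistent = GENERATED, PERSISTENT
    for finding in stale_overrides(generated, persistent):
        print(json.dumps(finding))
```

Run it with the two file paths as arguments to audit a real host; an empty result means the persistent file does not shadow any generated permission with a different user list.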
Describe the bug
Old users can connect to synapse thanks to the Element app and CAS. Newly created users can't log in with CAS.
Context
Steps to reproduce
1. Create a new user.
2. Connect to SSO with this user.
3. Go to app.element.io
4. Choose our synapse server address
5. Click on "Continue with CAS"
6. Reach to the SSO screen
Expected behavior
Be redirected to an url like
/_matrix/client/r0/login/cas/ticket?redirectUrl=
as it is the case for old accounts who have already used synapse server in the past.
Logs
in logs, I can see that when I attempt to login with new account :
and this when I login with old account :