bigbluebutton / greenlight

A really simple end-user interface for your BigBlueButton server.
GNU Lesser General Public License v3.0

v3: OpenID Connect to Nextcloud gives error "Authentication failure! undefined method `to_sym' for nil:NilClass" #4869

Open jacotec opened 1 year ago

jacotec commented 1 year ago

While OpenID connect from Greenlight to Keycloak works fine, unfortunately it does not work using Nextcloud as OIDC provider.

When hitting the "Login" button, it's correctly redirected to the Nextcloud authentication, but after auth Greenlight throws a 404 error "Page not found".

In the container logs I see the following omniauth issue:

I, [2023-02-24T08:31:11.892458 #125]  INFO -- : [e7b2c4ec-72da-450f-89c3-bc3564e77905] Started POST "/auth/openid_connect" for xx.xx.xx.xx at 2023-02-24 08:31:11 +0000
D, [2023-02-24T08:31:11.893091 #125] DEBUG -- omniauth: (openid_connect) Request phase initiated.
Unknown key: SameSite = Lax
Unknown key: SameSite = lax
Unknown key: SameSite = strict
Unknown key: SameSite = Lax
I, [2023-02-24T08:31:25.628294 #125]  INFO -- : [b0c0b6ff-4b86-4b2c-8603-0dd31cf642f0] Started GET "/auth/openid_connect/callback?state=ac6cd229be480b5a69a8e168d8b13753&code=6Q1H9w31567cpvHdOR7uJLKFG0tAGN2D2PQxroz9KYirynoGMUVuhTYW5PUSwgLUzAfSgmkeleB7L9BmcpLtuLptXX8oQDIg9CDTjZtz2ZD88gvRoDdnXyz0vmNVxqXl" for xx.xx.xx.xx at 2023-02-24 08:31:25 +0000
D, [2023-02-24T08:31:25.629055 #125] DEBUG -- omniauth: (openid_connect) Callback phase initiated.
Unknown key: SameSite = Lax
Unknown key: SameSite = lax
Unknown key: SameSite = strict
Unknown key: SameSite = Lax
Unknown key: SameSite = Lax
Unknown key: SameSite = lax
Unknown key: SameSite = strict
Unknown key: SameSite = Lax
E, [2023-02-24T08:31:26.110870 #125] ERROR -- omniauth: (openid_connect) Authentication failure! undefined method `to_sym' for nil:NilClass
      env['omniauth.error.type'] = message_key.to_sym
                                              ^^^^^^^: NoMethodError, undefined method `to_sym' for nil:NilClass
      env['omniauth.error.type'] = message_key.to_sym
                                              ^^^^^^^
I, [2023-02-24T08:31:26.152158 #125]  INFO -- : [4111d071-6e4d-4b1a-b875-9438a5ceaeb1] Started GET "/auth/failure?message=undefined+method+%60to_sym%27+for+nil%3ANilClass%0A%0A++++++env%5B%27omniauth.error.type%27%5D+%3D+message_key.to_sym%0A++++++++++++++++++++++++++++++++++++++++++++++%5E%5E%5E%5E%5E%5E%5E&origin=https%3A%2F%2Fmeet.fep.de%2F&strategy=openid_connect" for xx.xx.xx.xx at 2023-02-24 08:31:26 +0000
I, [2023-02-24T08:31:26.155474 #125]  INFO -- : [4111d071-6e4d-4b1a-b875-9438a5ceaeb1] Processing by ComponentsController#index as HTML
I, [2023-02-24T08:31:26.155540 #125]  INFO -- : [4111d071-6e4d-4b1a-b875-9438a5ceaeb1]   Parameters: {"message"=>"undefined method `to_sym' for nil:NilClass\n\n      env['omniauth.error.type'] = message_key.to_sym\n                                              ^^^^^^^", "origin"=>"https://meet.fep.de/", "strategy"=>"openid_connect", "path"=>"auth/failure"}

Any idea what's wrong is highly appreciated.

farhatahmad commented 1 year ago

Hmm this is extremely tough to debug. What's happening is that there is some sort of failure happening during the process, but that error gets overwritten because of either a bug in the omniauth gem or an issue with Nextcloud not sending a required parameter.

The result is basically the internal error overwriting the real error, causing all of this to occur.

I'm going to do some more research to see if I can find out what's triggering this issue.

jacotec commented 1 year ago

I guess when you try to authenticate against the Nextcloud OIDC you should face the same stuff.

Let me know if I can help with something, logs etc.

farhatahmad commented 1 year ago

I don't have access to a NextCloud OIDC so it's tough for me to debug on my end - any chance you could configure a test client for me and email me the credentials?

jacotec commented 1 year ago

@farhatahmad Yeah, I think I can give you a test user and credentials to test this against my Nextcloud. I'll email you the access once I've done it.

jacotec commented 1 year ago

@farhatahmad Email sent. I need your redirect URI via mail to configure the OIDC provider correctly.

jacotec commented 1 year ago

@farhatahmad Just want to ask if there is any news on this issue?

himpierre commented 2 months ago

@jacotec Do you mind sharing your nextcloud - greenlight configs (sensitive data cleared of course)? I'm struggling setting this up. Keep getting 404. The greenlight logs state just:

D, [2024-07-26T14:29:47.777511 #1] DEBUG -- omniauth: (openid_connect) Request phase initiated.
E, [2024-07-26T14:29:47.963790 #1] ERROR -- omniauth: (openid_connect) Authentication failure! Not Found: OpenIDConnect::Discovery::DiscoveryFailed, Not Found

Nextcloud OIDC Provider Settings:
Redirect URI: Greenlight URL
Client Identifier: xxx -> Copied to Greenlight .env OPENID_CONNECT_CLIENT_ID
Secret: xxx -> Copied to Greenlight .env OPENID_CONNECT_CLIENT_SECRET
Signing Algorithm: RS256
Type: confidential
Flows: Code Authorization Flow
Dynamic Client Registration: disabled

When I curl the OPENID_CONNECT_ISSUER=https://mydomain/.well-known/openid-configuration I see all the fancy stuff.

That's basically it. Any help really appreciated. cheers!
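
Added example, not part of the thread and not Greenlight or omniauth code: a Ruby pre-flight check for an issuer setting such as `OPENID_CONNECT_ISSUER`, following OpenID Connect Discovery 1.0, where the client requests the issuer plus `/.well-known/openid-configuration` and the returned document's `issuer` must match the configured value exactly. The function names and the `example.test` values are constructed for illustration.

```ruby
require 'uri'
require 'json'

WELL_KNOWN = '/.well-known/openid-configuration'

# Discovery URL as defined by OpenID Connect Discovery 1.0, section 4:
# the issuer with any trailing slash removed, plus the well-known path.
def discovery_url(issuer)
  issuer.sub(%r{/+\z}, '') + WELL_KNOWN
end

# Problems with the issuer setting itself (an empty list means it looks fine).
def issuer_problems(issuer)
  uri = begin
    URI.parse(issuer.to_s)
  rescue URI::InvalidURIError
    nil
  end
  return ['issuer is not a parseable URL'] if uri.nil? || uri.host.nil?
  problems = []
  problems << 'issuer must use https' unless uri.scheme == 'https'
  problems << 'issuer must not carry a query or fragment' if uri.query || uri.fragment
  if uri.path.include?('/.well-known/')
    problems << "issuer already contains a well-known path; discovery would request #{discovery_url(issuer)}"
  end
  problems
end

# Problems with a fetched discovery document, compared against the
# configured issuer (the comparison is exact, trailing slash included).
def document_problems(issuer, json)
  doc = JSON.parse(json)
  problems = []
  unless doc['issuer'] == issuer
    problems << "document issuer #{doc['issuer'].inspect} != configured #{issuer.inspect}"
  end
  %w[authorization_endpoint token_endpoint jwks_uri].each do |key|
    problems << "missing #{key}" unless doc[key]
  end
  problems
end

# Constructed sample discovery document (example.test is a placeholder host).
SAMPLE_DOC = JSON.generate(
  'issuer' => 'https://cloud.example.test',
  'authorization_endpoint' => 'https://cloud.example.test/authorize',
  'token_endpoint' => 'https://cloud.example.test/token',
  'jwks_uri' => 'https://cloud.example.test/jwks'
)
```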